www.inspiredbybalkans.com
Open in
urlscan Pro
162.159.134.42
Malicious Activity!
Public Scan
Effective URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu
Submission: On October 09 via manual from US — Scanned from IT
Summary
TLS certificate: Issued by WE1 on August 13th 2024. Valid for: 3 months.
This is the only time www.inspiredbybalkans.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 197.230.9.162 197.230.9.162 | 36925 (ASMedi) (ASMedi) | |
7 | 162.159.134.42 162.159.134.42 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
inspiredbybalkans.com
www.inspiredbybalkans.com |
644 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220 |
92 KB |
2 |
alyousr.ma
2 redirects
crm.alyousr.ma |
1 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
7 | www.inspiredbybalkans.com |
www.inspiredbybalkans.com
|
3 | cdnjs.cloudflare.com |
www.inspiredbybalkans.com
cdnjs.cloudflare.com |
2 | crm.alyousr.ma | 2 redirects |
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
inspiredbybalkans.com WE1 |
2024-08-13 - 2024-11-11 |
3 months | crt.sh |
cdnjs.cloudflare.com WE1 |
2024-09-28 - 2024-12-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu
Frame ID: DE5EE932873FD6ECBE5D43FD42146868
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Sign inPage URL History Show full URLs
-
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
HTTP 307
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
https://www.inspiredbybalkans.com//wp-admin/js/app/?link= Page URL
- https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Modernizr (JavaScript Libraries) Expand
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
HTTP 307
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
https://www.inspiredbybalkans.com//wp-admin/js/app/?link= Page URL
- https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
- https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
- http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
- https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
- https://www.inspiredbybalkans.com//wp-admin/js/app/?link=
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ Redirect Chain
|
404 B 898 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
17 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr.min.js
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ |
11 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
599 KB 600 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ |
76 KB 77 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.inspiredbybalkans.com//wp-admin/js/app/ |
9 KB 3 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| html5 object| Modernizr function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.inspiredbybalkans.com/ | Name: PHPSESSID Value: 0a8665826ef80d6008f9869a996a4bce |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
crm.alyousr.ma
www.inspiredbybalkans.com
104.17.24.14
162.159.134.42
197.230.9.162
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
189eda263ca3ccfbef3f1cc5aa4f92d3d39a72f289b1ca0c128a975023fad949
3e4af3f39885c55017c51ee4c68ab87c4ecb6af0d9a54417eee33d9db13b036e
582d5e9c3ddd892046e3cd160f3906590c7d5a5825bd9873e34c41cf2ca2df4b
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe