www.classicsdujour.com Open in urlscan Pro
216.97.224.230 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2kZoJ8o
Effective URL:
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/
Submission: On June 08 via manual (June 8th 2018, 10:26:49 pm UTC) from CA

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 216.97.224.230, located in Anaheim, United States and belongs to ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US. The main domain is www.classicsdujour.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 8th 2018. Valid for: 3 months.

This is the only time www.classicsdujour.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	67.199.248.11 67.199.248.11	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
1	108.167.181.19 108.167.181.19	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
4 16	216.97.224.230 216.97.224.230	15244 (ADDD2NET-...) (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages)
13	2

2 67.199.248.11 (United States) 2 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.167.181.19 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)

authenticcurry.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 216.97.224.230 (Anaheim, United States) 4 redirects

ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US)
PTR: disco.esolutions.net

www.classicsdujour.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	classicsdujour.com 4 redirects www.classicsdujour.com	63 KB
2	bit.ly 2 redirects bit.ly	822 B
1	authenticcurry.co.uk authenticcurry.co.uk	304 B
13	3

	Domain	Requested by
16	www.classicsdujour.com	4 redirects authenticcurry.co.uk www.classicsdujour.com
2	bit.ly	2 redirects
1	authenticcurry.co.uk
13	3

This site contains no links.

Subject Issuer	Validity	Valid
classicsdujour.com cPanel, Inc. Certification Authority	`2018-05-08` - `2018-08-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/
Frame ID: 4319C15B4E5C0A83535C47616BF66396
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2kZoJ8o HTTP 301
http://authenticcurry.co.uk/augustusneville8/PDF/review.php Page URL
https://bit.ly/2HwpoHy?email= HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/index.php HTTP 302
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/ HTTP 302
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

63 kB
Transfer

60 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2kZoJ8o HTTP 301
http://authenticcurry.co.uk/augustusneville8/PDF/review.php Page URL
https://bit.ly/2HwpoHy?email= HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/index.php HTTP 302
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/ HTTP 302
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read HTTP 301
https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/2kZoJ8o HTTP 301
http://authenticcurry.co.uk/augustusneville8/PDF/review.php

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	review.php authenticcurry.co.uk/augustusneville8/PDF/ Redirect Chain https://bit.ly/2kZoJ8o http://authenticcurry.co.uk/augustusneville8/PDF/review.php	91 B 304 B	310ms 168ms	Document text/html	108.167.181.19 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://authenticcurry.co.uk/augustusneville8/PDF/review.php Protocol HTTP/1.1 Server 108.167.181.19 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.2 / Resource Hash Request headers Host authenticcurry.co.uk Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 4319C15B4E5C0A83535C47616BF66396 Response headers Server nginx/1.12.2 Date Fri, 08 Jun 2018 22:26:37 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip Redirect headers Server nginx Date Fri, 08 Jun 2018 22:26:36 GMT Content-Type text/html; charset=utf-8 Content-Length 146 Connection keep-alive Cache-Control private, max-age=90 Content-Security-Policy referrer always; Location http://authenticcurry.co.uk/augustusneville8/PDF/review.php Referrer-Policy unsafe-url Set-Cookie _bit=i58mqA-4ff672a66bffc5d15b-00P; Domain=bit.ly; Expires=Wed, 05 Dec 2018 22:26:36 GMT
GET H/1.1	200 OK	Primary Request / Show response www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Redirect Chain https://bit.ly/2HwpoHy?email= https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/index.php https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/ https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/	2 KB 3 KB	231ms 230ms	Document text/html	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Requested by Host: authenticcurry.co.uk URL: http://authenticcurry.co.uk/augustusneville8/PDF/review.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `f41ef759d8b4d41f8f1db198209a017d4d7539f04b46d6d592e109003ee54e05` Request headers Host www.classicsdujour.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://authenticcurry.co.uk/augustusneville8/PDF/review.php Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 4319C15B4E5C0A83535C47616BF66396 Referer http://authenticcurry.co.uk/augustusneville8/PDF/review.php Response headers Date Fri, 08 Jun 2018 22:26:35 GMT Server Apache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Fri, 08 Jun 2018 22:26:35 GMT Server Apache Location https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Content-Length 286 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	homestyle.css www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/	1 KB 1 KB	179ms 176ms	Stylesheet text/css	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/homestyle.css Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `5f5449d9ed84cbf14829f79716fd4f0811223499c2b570c6fdfdd212a2a3dbbd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/css,/;q=0.1 Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1070
GET H/1.1	200 OK	dsgn.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	7 KB 8 KB	180ms 178ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/dsgn.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 7635
GET H/1.1	200 OK	ht_img8-3-022.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	3 KB 3 KB	171ms 170ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/ht_img8-3-022.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `e7735cc5f64c32d03ecb6a946b18035ce7c35b46aad38331952f2dd30e3199b1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 3160
GET H/1.1	200 OK	3-60img-4bfe02.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	3 KB 3 KB	171ms 169ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/3-60img-4bfe02.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `692b3cd3b84ee67299522b6d95cd3b5f41023c870d957649ea5367b3f0fdce7c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 3232
GET H/1.1	200 OK	a_o_l_img6-64-040.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	6 KB 6 KB	494ms 172ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/a_o_l_img6-64-040.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `e7d6b5b5cce82e57508520546e49700807cf2fca9d156812ecce00043e3ea16b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5712
GET H/1.1	200 OK	y_m_img4-40.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	4 KB 4 KB	490ms 168ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/y_m_img4-40.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `2c60027314a9e66bd1537406fc0e5b1cbb9fcbef9f052da2974396008631f952` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4143
GET H/1.1	200 OK	goimg-4-30s.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	5 KB 6 KB	494ms 172ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/goimg-4-30s.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `11c253307fc90e21cb94842fd24250ad04da6566800a9e6bfbdeb94176de2082` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5535
GET H/1.1	200 OK	gg-img378-2fu-29b92.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	4 KB 4 KB	507ms 168ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/gg-img378-2fu-29b92.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `7217cca120376dadfd41a1e270de62d3975d8bae3d4862ef05716b73a4182d02` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 4135
GET H/1.1	200 OK	imgoth-22.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	4 KB 4 KB	492ms 173ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/imgoth-22.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `21702e2e92184aa65341b0adde84d983d9252edd8d8d11dc97dd6518d3efb4c1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4249
GET H/1.1	200 OK	ff.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/	5 KB 5 KB	336ms 168ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/media/ff.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `25647a7e8215a861b2b3a35f782020f677905b4aaaecc783a24ba662084ff510` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 4779
GET H/1.1	200 OK	w_bground.png www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/	14 KB 15 KB	339ms 171ms	Image image/png	216.97.224.230 Lunar Pages
General Check archive.org Show headers Download Go to Show image Full URL https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/w_bground.png Requested by Host: www.classicsdujour.com URL: https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.97.224.230 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US), Reverse DNS disco.esolutions.net Software Apache / Resource Hash `f6d5a548c24ccb11364e4a441a43ef6e7cb7ebd877e18b610252a17bdfac9f06` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.classicsdujour.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/homestyle.css Connection keep-alive Cache-Control no-cache Referer https://www.classicsdujour.com/store/augustusneville1/DocuSign/PDF/dc/nx/read/css/homestyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 08 Jun 2018 22:26:36 GMT Last-Modified Fri, 08 Jun 2018 22:26:35 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 14734

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

authenticcurry.co.uk
bit.ly
www.classicsdujour.com
108.167.181.19
216.97.224.230
67.199.248.11
11c253307fc90e21cb94842fd24250ad04da6566800a9e6bfbdeb94176de2082
21702e2e92184aa65341b0adde84d983d9252edd8d8d11dc97dd6518d3efb4c1
25647a7e8215a861b2b3a35f782020f677905b4aaaecc783a24ba662084ff510
2c60027314a9e66bd1537406fc0e5b1cbb9fcbef9f052da2974396008631f952
5f5449d9ed84cbf14829f79716fd4f0811223499c2b570c6fdfdd212a2a3dbbd
692b3cd3b84ee67299522b6d95cd3b5f41023c870d957649ea5367b3f0fdce7c
7217cca120376dadfd41a1e270de62d3975d8bae3d4862ef05716b73a4182d02
e7735cc5f64c32d03ecb6a946b18035ce7c35b46aad38331952f2dd30e3199b1
e7d6b5b5cce82e57508520546e49700807cf2fca9d156812ecce00043e3ea16b
f41ef759d8b4d41f8f1db198209a017d4d7539f04b46d6d592e109003ee54e05
f6d5a548c24ccb11364e4a441a43ef6e7cb7ebd877e18b610252a17bdfac9f06
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620

www.classicsdujour.com Open in urlscan Pro 216.97.224.230 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

63 kBTransfer

60 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.classicsdujour.com Open in urlscan Pro
216.97.224.230 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

63 kB
Transfer

60 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!