www.cllaj.re Open in urlscan Pro
198.23.62.235 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
Submission: On August 09 via manual (August 9th 2017, 10:07:19 pm UTC) from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 23 HTTP transactions. The main IP is 198.23.62.235, located in Pompano Beach, United States and belongs to STEADFAST - Steadfast, US. The main domain is www.cllaj.re.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 24th 2017. Valid for: 3 months.

This is the only time www.cllaj.re was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address		AS Autonomous System
15	198.23.62.235 198.23.62.235		32748 (STEADFAST) (STEADFAST - Steadfast)
23	2

15 198.23.62.235 (Pompano Beach, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: sitewebreunion.net

www.cllaj.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	cllaj.re www.cllaj.re	81 KB
0	msocdn.com Failed prod.msocdn.com Failed
23	2

	Domain	Requested by
15	www.cllaj.re	www.cllaj.re
0	prod.msocdn.com Failed
23	2

This site contains no links.

Subject Issuer	Validity	Valid
cllaj.re cPanel, Inc. Certification Authority	`2017-07-24` - `2017-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
Frame ID: 15960.1
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

23
Requests

65 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

81 kB
Transfer

199 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pages.php Show response
www.cllaj.re/wpadmin/ofc/ 10 KB
2 KB 668ms
213ms Document
text/html 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 / PHP/5.6.31

Resource Hash

a482f218611738e9ada4da902d4ea602b0066ffbbd6c8ef741caffbfd2fec809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Powered-By: PHP/5.6.31
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Length: 2372
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=150

GET
H/1.1 200
OK GeminiHomeV2.css
www.cllaj.re/wpadmin/ofc/file/ 2 KB
696 B 233ms
233ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/GeminiHomeV2.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

734f5e0df943e426724bc18c9703838531d73f8edbc9c2a4b07f540284043059

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642dc-62c-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=149
Content-Length: 696
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 200
OK conciergehelper.css
www.cllaj.re/wpadmin/ofc/file/ 5 KB
1 KB 428ms
220ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/conciergehelper.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

e3dd3d2eb577e0976c6c3bb2a597839a4b50019e6f34767d692b371aa6a87dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642bd-1450-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=150
Content-Length: 1402
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 200
OK AppTile.css
www.cllaj.re/wpadmin/ofc/file/ 1 KB
523 B 455ms
243ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/AppTile.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

1e433631dd88e2b7c65a36d80acd0134287a5b6effc8a68a6a3f8bfe619928d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642b7-564-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=150
Content-Length: 523
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 200
OK EmbeddedFonts.css
www.cllaj.re/wpadmin/ofc/file/ 4 KB
396 B 462ms
247ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/EmbeddedFonts.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

ee63a0504d463e639fd21abb1a96d909f530d309b679e6ab953155cf58f07a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642da-e72-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=150
Content-Length: 396
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 200
OK MasterStyles15.css
www.cllaj.re/wpadmin/ofc/file/ 90 KB
25 KB 442ms
227ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/MasterStyles15.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

a79d12b1ece73120a07168f3a409515e43736055e7d40a9daf4f8d619e417a0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642e1-166c9-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=150
Content-Length: 25732
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 404
Not Found MasterStyles15MVC.css
www.cllaj.re/wpadmin/ofc/file/ 0
0 637ms
412ms Stylesheet
text/html 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/MasterStyles15MVC.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 / PHP/5.6.31

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Powered-By: PHP/5.6.31
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
Content-Length: 673
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=150

GET
H/1.1 200
OK shellg2coremincss_ba45585d.css
www.cllaj.re/wpadmin/ofc/file/ 31 KB
6 KB 451ms
218ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/shellg2coremincss_ba45585d.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

7203ea431e00ea57bbbeef3d0d86e71660c6cf089ed83f7c9bda8d3c7f15cea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642e3-7cad-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=148
Content-Length: 6435
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 404
Not Found shellg2corecss_11377998.css
www.cllaj.re/wpadmin/ofc/file/ 0
0 812ms
385ms Stylesheet
text/html 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/shellg2corecss_11377998.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 / PHP/5.6.31

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Powered-By: PHP/5.6.31
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
Content-Length: 673
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=149

GET
H/1.1 200
OK data.css
www.cllaj.re/wpadmin/ofc/file/ 14 KB
2 KB 716ms
265ms Stylesheet
text/css 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/data.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

8a1687e9cc74a616cd14fcb8dac9bc3d901765d7d4d9644183b406f4a0cc155d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Frame-Options: SAMEORIGIN
ETag: "20642d4-368a-54bb4c8a4e700-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=147
Content-Length: 1782
Expires: Wed, 16 Aug 2017 22:07:08 GMT

GET
H/1.1 404
Not Found shellg2pluscss_baae2042.css
www.cllaj.re/wpadmin/ofc/file/ 0
0 907ms
452ms Stylesheet
text/html 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cllaj.re/wpadmin/ofc/file/shellg2pluscss_baae2042.css

Requested by

Host: www.cllaj.re
URL: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 / PHP/5.6.31

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/pages.php?id=24ea75c404e06cb894dbbd480c84a5e2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Aug 2017 22:07:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
X-Powered-By: PHP/5.6.31
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
Content-Length: 673
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=149

GET SegoeUI-SemiLight-final.woff
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET
H/1.1 200
OK home_bkgd_1.png
www.cllaj.re/wpadmin/ofc/file/css/ 22 KB
22 KB 280ms
280ms Image
image/png 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cllaj.re/wpadmin/ofc/file/css/home_bkgd_1.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

b21a9de9414be9988efb7b56c4d2ab101aee02ebf6e80a16bfa43dfa7234da9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/file/GeminiHomeV2.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
ETag: "20642c5-5613-54bb4c8a4e700"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=148
Content-Length: 22035
Expires: Fri, 08 Sep 2017 22:07:09 GMT

GET SegoeUI-Light-final.woff
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET
H/1.1 200
OK banner.png
www.cllaj.re/wpadmin/ofc/file/css/ 4 KB
4 KB 282ms
282ms Image
image/png 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cllaj.re/wpadmin/ofc/file/css/banner.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

93ee4de61be217c38ee16a572de5b7ad5e5af581c24735388f6bd5917fa5bb0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/file/MasterStyles15.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
ETag: "20642c2-fef-54bb4c8a4e700"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=148
Content-Length: 4079
Expires: Fri, 08 Sep 2017 22:07:09 GMT

GET
H/1.1 200
OK aol.png
www.cllaj.re/wpadmin/ofc/file/css/ 1 KB
1 KB 287ms
287ms Image
image/png 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cllaj.re/wpadmin/ofc/file/css/aol.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

bba1c4e890bde6f4c4531d1503e284d0e7e510b3b72940778750b19852b47ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/file/MasterStyles15.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
ETag: "20642c1-5ac-54bb4c8a4e700"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=146
Content-Length: 1452
Expires: Fri, 08 Sep 2017 22:07:09 GMT

GET
H/1.1 200
OK oth.png
www.cllaj.re/wpadmin/ofc/file/css/ 16 KB
16 KB 309ms
309ms Image
image/png 198.23.62.235
Steadfast

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cllaj.re/wpadmin/ofc/file/css/oth.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.23.62.235 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US),

Reverse DNS

sitewebreunion.net

Software

Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4 /

Resource Hash

933099b34ed040d254b9f5b2fced95e76fad3f0fd933929c111259722d8ccd33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cllaj.re/wpadmin/ofc/file/MasterStyles15.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 09 Aug 2017 22:07:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Mar 2017 11:38:36 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.30 mod_bwlimited/1.4
ETag: "20642c7-3f22-54bb4c8a4e700"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=149
Content-Length: 16162
Expires: Fri, 08 Sep 2017 22:07:09 GMT

GET SegoeUI-Regular-final.woff
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET PortalIcons.woff
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET SegoeUI-Light-final.ttf
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET PortalIcons.ttf
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET SegoeUI-SemiLight-final.ttf
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

GET SegoeUI-Regular-final.ttf
prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-SemiLight-final.woff

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-Light-final.woff

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-Regular-final.woff

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/PortalIcons.woff

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-Light-final.ttf

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/PortalIcons.ttf

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-SemiLight-final.ttf

Domain: prod.msocdn.com
URL: https://prod.msocdn.com/16.00.1279.006/en-US/css/webfonts/SegoeUI-Regular-final.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.cllaj.re/	1970-01-01 00:00:00	Name: 08121f537ec4f0126b504d309c53ce3a Value: s2dj9sbqmkdo1s1jl6lkpsiov3

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

prod.msocdn.com
www.cllaj.re
prod.msocdn.com
198.23.62.235
1e433631dd88e2b7c65a36d80acd0134287a5b6effc8a68a6a3f8bfe619928d1
7203ea431e00ea57bbbeef3d0d86e71660c6cf089ed83f7c9bda8d3c7f15cea8
734f5e0df943e426724bc18c9703838531d73f8edbc9c2a4b07f540284043059
8a1687e9cc74a616cd14fcb8dac9bc3d901765d7d4d9644183b406f4a0cc155d
933099b34ed040d254b9f5b2fced95e76fad3f0fd933929c111259722d8ccd33
93ee4de61be217c38ee16a572de5b7ad5e5af581c24735388f6bd5917fa5bb0a
a482f218611738e9ada4da902d4ea602b0066ffbbd6c8ef741caffbfd2fec809
a79d12b1ece73120a07168f3a409515e43736055e7d40a9daf4f8d619e417a0b
b21a9de9414be9988efb7b56c4d2ab101aee02ebf6e80a16bfa43dfa7234da9b
bba1c4e890bde6f4c4531d1503e284d0e7e510b3b72940778750b19852b47ce4
e3dd3d2eb577e0976c6c3bb2a597839a4b50019e6f34767d692b371aa6a87dd7
ee63a0504d463e639fd21abb1a96d909f530d309b679e6ab953155cf58f07a84

www.cllaj.re Open in urlscan Pro 198.23.62.235 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

23 Requests

65 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

81 kBTransfer

199 kBSize

1 Cookies

0 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.cllaj.re Open in urlscan Pro
198.23.62.235 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

65 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

81 kB
Transfer

199 kB
Size

1
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!