classyclones.com Open in urlscan Pro
69.49.244.91  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request verification.php Show response classyclones.com/payment/of/	33 KB 33 KB	383ms 125ms	Document text/html	69.49.244.91 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 69.49.244.91 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 69-49-244-91.unifiedlayer.com Software Apache / Resource Hash ac21ffa8d852cc4b561cf19c6cd982b73e74755be2e4f0dc89e03061354191b2 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 21 Apr 2022 11:03:53 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	client.css estatements.midlandstatesbank.com/styles/	5 KB 2 KB	480ms 156ms	Stylesheet text/css	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/styles/client.css Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 12b7eecb79b7fb5ebd3bceefcf678f62d83620900dfc2d56d388425979752ee0 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 20:20:32 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"5441-1601410832000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1412
GET H/1.1	200 OK	boxmenu.css estatements.midlandstatesbank.com/styles/	2 KB 796 B	486ms 158ms	Stylesheet text/css	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/styles/boxmenu.css Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 267f1179716d40d02c10f141eda6d071de12426648539504304149eb3cfcbf91 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 18:49:04 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"1785-1601405344000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 412
GET H/1.1	200 OK	forms.css estatements.midlandstatesbank.com/styles/	5 KB 1 KB	487ms 159ms	Stylesheet text/css	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/styles/forms.css Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash d8303e7cc49516c09bc145b23ecc0deea5a804a3b6b3e44294755b5e66d6548a Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 20:20:32 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"5049-1601410832000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 952
GET H/1.1	200 OK	jquery-ui-1.8.9.custom.css estatements.midlandstatesbank.com/styles/jqueryui/themes/ui-lightness/	33 KB 6 KB	501ms 164ms	Stylesheet text/css	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/styles/jqueryui/themes/ui-lightness/jquery-ui-1.8.9.custom.css Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 5cbf24ab2fbc25fbd01655d1573308da43a0395cebce19dc827a021ba1046b33 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 18:49:04 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"34133-1601405344000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6196
GET H/1.1	200 OK	validationEngine.jquery.css estatements.midlandstatesbank.com/styles/	3 KB 1 KB	501ms 163ms	Stylesheet text/css	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/styles/validationEngine.jquery.css Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash c789aeb8a731d6ede52aaf6acb668e81497f2c70ec620732ce919282faef2840 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 18:49:04 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"2606-1601405344000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 728
GET H/1.1	200 OK	validation.js Show response estatements.midlandstatesbank.com/javascript/	1 KB 884 B	509ms 166ms	Script application/javascript	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/javascript/validation.js Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 52b0ed391bfebb9288b920480ed8eb5ec773e87eb61f21246dca3165a48e5656 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 20:20:32 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"1365-1601410832000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 486
GET H/1.1	200 OK	jquery-1.4.4.min.js Show response estatements.midlandstatesbank.com/javascript/jquery/	77 KB 27 KB	639ms 159ms	Script application/javascript	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/javascript/jquery/jquery-1.4.4.min.js Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 20:20:32 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"78601-1601410832000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 27073
GET H/1.1	200 OK	jquery-ui-1.8.9.custom.min.js Show response estatements.midlandstatesbank.com/javascript/jquery/	202 KB 51 KB	653ms 168ms	Script application/javascript	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/javascript/jquery/jquery-ui-1.8.9.custom.min.js Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 14a07d25823f4119e1f55c6ef5a0696f98861baf113aef76519aad93f01a32c5 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 18:49:04 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"207146-1601405344000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 51785
GET H/1.1	200 OK	jquery.validationEngine.js Show response estatements.midlandstatesbank.com/javascript/jquery/	26 KB 7 KB	646ms 160ms	Script application/javascript	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/javascript/jquery/jquery.validationEngine.js Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 7a299721e644822017dc072948c1648965d727b1ce54c8ba86518e3fd0744c62 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 20:20:32 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"26723-1601410832000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6472
GET H/1.1	200 OK	jquery.validationEngine-en.js Show response estatements.midlandstatesbank.com/javascript/jquery/	2 KB 1 KB	664ms 163ms	Script application/javascript	12.189.22.64 INFOIMAGE
General Check archive.org Show headers Download Go to Full URL https://estatements.midlandstatesbank.com/javascript/jquery/jquery.validationEngine-en.js Requested by Host: classyclones.com URL: https://classyclones.com/payment/of/verification.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 12.189.22.64 Shepherd, United States, ASN36838 (INFOIMAGE, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash 5ca61b01d51eea297c875f363b1d42d5eaccfed0a16452a8c49741c203a28e94 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://classyclones.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Thu, 21 Apr 2022 10:51:02 GMT Content-Encoding gzip Last-Modified Tue, 29 Sep 2020 18:49:04 GMT Server Apache/2.4.29 (Ubuntu) ETag W/"2323-1601405344000-gzip" Vary Accept-Encoding Strict-Transport-Security max-age=15768000 Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 771
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c13ae3a103d8431dacfc0cd6a58c3e8970ba005e87b0799fe66d72217389a307 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	8 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c074e76dd727cfac94a3bd569636f9f6fbd2110ec2f2613fa460df9687dd26b7 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Content-Type image/jpeg

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| is_empty function| not_match function| has_character function| has_digit_only function| has_invalid_char function| is_currancy function| is_invalid_email function| has_lower_case function| has_upper_case function| has_digit function| is_invalid_password function| has_repeated_char function| simple_check function| $ function| jQuery function| DP_jQuery_1650539035841 function| highlightMenu

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

classyclones.com
estatements.midlandstatesbank.com
12.189.22.64
69.49.244.91
12b7eecb79b7fb5ebd3bceefcf678f62d83620900dfc2d56d388425979752ee0
14a07d25823f4119e1f55c6ef5a0696f98861baf113aef76519aad93f01a32c5
267f1179716d40d02c10f141eda6d071de12426648539504304149eb3cfcbf91
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
52b0ed391bfebb9288b920480ed8eb5ec773e87eb61f21246dca3165a48e5656
5ca61b01d51eea297c875f363b1d42d5eaccfed0a16452a8c49741c203a28e94
5cbf24ab2fbc25fbd01655d1573308da43a0395cebce19dc827a021ba1046b33
7a299721e644822017dc072948c1648965d727b1ce54c8ba86518e3fd0744c62
ac21ffa8d852cc4b561cf19c6cd982b73e74755be2e4f0dc89e03061354191b2
c074e76dd727cfac94a3bd569636f9f6fbd2110ec2f2613fa460df9687dd26b7
c13ae3a103d8431dacfc0cd6a58c3e8970ba005e87b0799fe66d72217389a307
c789aeb8a731d6ede52aaf6acb668e81497f2c70ec620732ce919282faef2840
d8303e7cc49516c09bc145b23ecc0deea5a804a3b6b3e44294755b5e66d6548a