Report - pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html

Report Overview

Submitted URL
pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
IP
104.18.2.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 04:22:29
Access
public
Website Title
DocuSign Share File
Final URL
pub-5691982c40c64203bca01fa8c9e26722.r2.dev/e22055d4-854a-42fd-9bb2-185bc814a723
Tags
docusign phishing
urlquery detections
Phishing - Docusign

Detections

urlquery
13
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pub-5691982c40c64203bca01fa8c9e26722.r2.dev	unknown	unknown	No data	No data	1.0 kB	904 B	104.18.3.35
seeklogo.com	56607	2008-08-23	2012-05-31	2024-04-01	437 B	3.7 kB	104.21.84.83
docucdn-a.akamaihd.net	10361	2009-09-14	2014-04-10	2024-04-15	442 B	1.7 kB	23.36.76.200
docu-y5u.pages.dev	unknown	2020-09-02	2023-08-12	2024-03-23	3.7 kB	886 kB	172.66.45.29
cdn.glitch.global	282615	2021-09-09	2022-01-13	2024-04-16	487 B	1.0 MB	151.101.2.132
dev-dewdropdee.pantheonsite.io	unknown	unknown	No data	No data	905 B	328 kB	23.185.0.3
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24	2024-04-16	389 B	31 kB	152.199.19.160
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-16	404 B	5.5 kB	104.17.24.14
i.imgur.com	5110	2009-01-09	2012-05-21	2024-04-16	383 B	35 kB	151.101.244.193
www.docusign.com	21972	1999-06-14	2012-10-04	2024-04-13	430 B	2.2 kB	151.101.194.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html	DocuSign

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-30
Pretty URL ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-30 06:26:59 Times Seen107045 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-04-29
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-29 19:38:10 Times Seen3643 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	pub-5691982c40c64203bca01fa8c9e26722.r2.dev/e22055d4-854a-42fd-9bb2-185bc814a723	12 kB	2024-04-17	2024-04-17
Pretty URL pub-5691982c40c64203bca01fa8c9e26722.r2.dev/e22055d4-854a-42fd-9bb2-185bc814a723 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 06:22:36 Last Seen2024-04-17 06:22:36 Times Seen1 Hash 1fd02eda1ad72278639021657a37cdfe 69cdba975ee9dcd1763ba311eefd793fb0b94973 6f1fe003e07a297385376d77a30fad0b3b28e603923b80ffaf099935db578d42 Loading...

HTTP Transactions (20)

URL IP Response Size

pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html

104.18.3.35

200 OK

597 B

URL User Request GET HTTP/1.1
pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
597 B (597 bytes)
Hash
9abf1447db6204a3bc90500737df0fe2
619341ac1653034ba6cdfd278f661c771499b630
4ad8f740b3b802f89308514d492c05c5532e4f4bb4ef0fc3c56635fb89ac4314

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign
OpenPhish	phishing	DocuSign
PhishTank	phishing	Other

HTTP Headers

GET /indexjs.html HTTP/1.1
Host: pub-5691982c40c64203bca01fa8c9e26722.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:22:03 GMT
Content-Type: text/html
Content-Length: 597
Connection: keep-alive
Accept-Ranges: bytes
ETag: "9abf1447db6204a3bc90500737df0fe2"
Last-Modified: Mon, 15 Apr 2024 14:51:22 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8759a1beea9292b2-CPH

ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

152.199.19.160

200 OK

30 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint86:E0:37:E4:B1:31:51:81:DD:54:33:82:FF:4D:EB:D1:15:5F:65:C4
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30394 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 1994524
cache-control: public,max-age=31536000
content-type: application/javascript
date: Wed, 17 Apr 2024 04:22:04 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F6AE)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.24.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.5 kB (4517 bytes)
Hash
053305c2b293c27c02523cda42962c09
556b0af7346b9e21a8eea1be8b195b563169ecd5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 536701
expires: Mon, 07 Apr 2025 04:22:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VlD2kWtU5TGHL%2BxhhDqIxZiDVv1MUnR2xY3%2Fiie6BNUcZQ9FKBES3g1O7uw%2FKSLuhk7A4q3dpo1Dlg9Etdda0d%2FGMRkuNkTB2inDoVLS5rdkMJ5a1zkUiXJol9N9zEQvDU6bn8sF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8759a1c57a6692c8-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

seeklogo.com/images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png

104.21.84.83

200 OK

2.5 kB

URL GET HTTP/2
seeklogo.com/images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png
IP
104.21.84.83:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectseeklogo.com
Fingerprint79:1C:65:70:D5:30:59:87:BB:3C:90:04:40:65:19:45:8D:96:3A:37
ValiditySun, 31 Mar 2024 10:17:27 GMT - Sat, 29 Jun 2024 10:17:26 GMT

File type
PNG image data, 300 x 300, 8-bit colormap, non-interlaced
Size
2.5 kB (2527 bytes)
Hash
539bae789201d3577c14106c34df631d
b00ad53a3779811136b4e8ec979c5f1574929889
2f2dc59ea0dc82ff30683861f43987f900f1861a6635de031264a69577d62eb4

HTTP Headers

GET /images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png HTTP/1.1
Host: seeklogo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 2527
cache-control: public, max-age=31536000
last-modified: Sun, 27 Nov 2022 01:23:07 GMT
etag: "1d901fecdc9865f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-download-options: noopen
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 218960
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FV6mykxu5qQR80Pi%2BTCaf2Nhw5YBYBBw3SOUxDQX4AlrWK4RKF%2FeUOZ6103SeHNq25LYU9ri84VndeCfM2LCTvg3Rtg4oIseTWjXEh1V8Q%2BZq7Kw6XrDn4a2QlJKeV0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5cfa28f53-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg

23.36.76.200

200 OK

1.3 kB

URL GET HTTP/2
docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg
IP
23.36.76.200:443
ASN
#20940 Akamai International B.V.

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1257 bytes)
Hash
440fe9f91ffea5c808b75d74298423e7
c42c5c7b43ef49f1c1a3191efd5624477e9cc549
7c5e35b0c8299b8660a9c4f4393c7af2ced0143540a1ecdf266d174b690b779b

HTTP Headers

GET /olive/images/2.47.0/header-logos/docusign.svg HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "440fe9f91ffea5c808b75d74298423e7:1660684826.417675"
last-modified: Fri, 12 Aug 2022 19:56:41 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 1257
cache-control: max-age=30575085
date: Wed, 17 Apr 2024 04:22:04 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/yah.png

172.66.45.29

200 OK

72 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/yah.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 840x544, components 3
Size
72 kB (72145 bytes)
Hash
4449f4d52b3c39575efe9e8dd1deea4c
630364eeb6ccc5c8fdeca83cd580034e38e3ae08
41c25e225507c2f7aea38f876a90c5963a12807f110e08956082acf23a03e8ab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/yah.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 72145
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6c1e8f13444033b5d6f6d16fd6bc0927"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YnXD39ugf7RhA%2BMmE2K9HhidsU%2BqAI8pFEkGEh%2B7mLfgN%2FZbX0VqFNPW%2F%2BNes1RYA69SiV4OetzJyAzsyR9RSfVks%2Bwwd%2BqxyuooFq0pW8kbuHvtX5g%2B9dATyD4jaVIMDLoZOa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fefe930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/offi.png

172.66.45.29

200 OK

64 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/offi.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 864 x 1024, 8-bit/color RGBA, non-interlaced
Size
64 kB (64019 bytes)
Hash
ada6a19789e5c72533c9872541ba42a6
5192839b8888eead65db3ccee7fd68e86e7ccb53
0c1ebf2bbc55550d5f3c379f178f308a1d45e4e885a623a118d3689b1be6c704

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/offi.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 64019
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "75591e4741ce99b7b9792c6359ec3b86"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ut%2FUIwHRiweEXSCmVne1EJxqvArbpWCFctMdVe1jRnO4M5YgM5RpSmifuiTGibzVW6De9WZoy3OGphxxQdYmOroO8QV07FNd6VgdZEMmnM0ANlmdQEVYrTn%2F2huWQAVfjtEZd7o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fefd930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/other1.png

172.66.45.29

200 OK

22 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/other1.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
Size
22 kB (21882 bytes)
Hash
6843a244e12fab158aa189680b5e7049
0e1c691f87cc4fa35c88344974f2829c40176b70
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/other1.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 21882
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ce396a535465db1166706e8f2fd2d252"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jqO4y1bdlAm7fo5tHswhQgj%2FvRitPqVHRqWIU2lQoVyB6aAXwYoLJ25UdPyc6jELo6LdFzhIBMtW6kOuEIqU1d9Thzc8DKJK0epc5ptp%2FypWzQ0YRYhHmSBSgERI%2FGkHiAfuHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fefb930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/office3651.png

172.66.45.29

200 OK

18 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/office3651.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Size
18 kB (18147 bytes)
Hash
a5cdadd60382e9ae6228121542eb1c2a
cec15f6470d0237569e931d7d11752b41ac5d8a3
71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/office3651.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 18147
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "4e0f64e8bb5ef17abb09f0a04ee8d19d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cp5emAR0Rd7y6o02g%2FFgMknPIKd6Js%2FeC1uNe%2BUpVa0WmeI63Tp%2BA1o%2FZuFf5Yjs2s5h%2BfujdZ24mBhVhbI3ccyubKDIpbgm35sStNI2u9L5qJeKm9ZrCUuGtaZUSqGoZvynROM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fefa930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.imgur.com/5yZj1kl.png

151.101.244.193

200 OK

34 kB

URL GET HTTP/2
i.imgur.com/5yZj1kl.png
IP
151.101.244.193:443
ASN
#54113 FASTLY

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerSectigo Limited
Subject*.imgur.com
Fingerprint39:5B:E1:0D:4A:FC:A4:C7:F3:71:DE:C4:5C:12:69:F9:5F:58:9F:42
ValidityThu, 15 Feb 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
34 kB (34197 bytes)
Hash
1d2139ee0d22054e95c8e0fdec395691
eda09f92c8685eec7e31414b3237bda06e331b45
b571e2ee5a15b8ef193d859efd2ad277691302ba2aeca7c4c2d23dfbc768fa8b

HTTP Headers

GET /5yZj1kl.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 29 Nov 2022 15:29:15 GMT
etag: "1d2139ee0d22054e95c8e0fdec395691"
x-amz-cf-pop: IAD12-P2
x-amz-cf-id: Gb4BdggNjqLGSNqIHQlSrGUObW7P8mV3yDC0rUkZ3ZTRTTsvQUNbQg==
cache-control: public, max-age=31536000
accept-ranges: bytes
age: 756044
date: Wed, 17 Apr 2024 04:22:04 GMT
x-served-by: cache-iad-kcgs7200055-IAD, cache-hel1410023-HEL
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 206, 0
x-timer: S1713327725.813729,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 34197
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/yah2.png

172.66.45.29

200 OK

67 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/yah2.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 2560 x 709, 8-bit/color RGBA, non-interlaced
Size
67 kB (67162 bytes)
Hash
0a7edf5ea8f987f8f6f3f60c5446cbbf
5114aa0685e69b614ee4ed77a37ab187bd5e560f
4e5feb95191aebc6cb65710a428c70c2411c7ac6cf5e1946b221c2f1b92ed0c8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/yah2.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 67162
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c3d42417b96cb75c4dd06d01c853808c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Tz9D2tl345Czp4MdZJkMQNyBMaVTPNiouOiL5%2FUIlK5Th7%2BKssElL7xQfrOYSR1IL7Up7UIzcAn7gL24pbdaIx8UPjcz60UzUUu1YCE88pJcfWMIRgxI7ppBbZVPPJ3utNUY3s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c62f20930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/mailo.png

172.66.45.29

200 OK

578 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/mailo.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 600 x 596, 8-bit/color RGBA, non-interlaced
Size
578 kB (578451 bytes)
Hash
b291bda6b904cd07b552b3ce84266143
d24f424286c59aab5672248de698281be4c1929b
86b84a5512c4a5d4af354ca4978a018f17472e301b4ba7e86a178cdacb709bf3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/mailo.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: image/png
content-length: 578451
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7ab2cbf852b6162148c033e18b91a6ed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vdz41WyWYaJ4ry7gpzvIBIoAOaDr8%2BQWpMvoPno4fiw14LjTbke63NHBD7GjujZJ1tV%2FzAgB4i2A5V7mtyf6Yub6LEitCXcI%2BJjfsvmmmZPG5%2B70yL%2BeglgSp5pKQTuG2lt6vac%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fef9930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/look.png

172.66.45.29

200 OK

34 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/look.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
34 kB (34316 bytes)
Hash
a3cdfeaf028cf60d90337ce4bb1b632f
44f084707b89b3a999b9a58c06e872ac6ca909d3
2f128c34e99f47c352178964fc87af68352b7395984d68313bba7a5b2647abaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/look.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:05 GMT
content-type: image/png
content-length: 34316
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "920f141cb9133095ad177d782f9c63dd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18O26lNhoOQk%2Fuxw7bCtzOwMKMnbfpVbrXCMsfxysIQcJ03nCwpRdBjNOX5WTWa9A1qGZjAUPdPiPzOfqG2WIWSLppjtrs5Meke%2BaaA3XD0rQqJGV6bibivBaTc0x%2FsG01xkRQc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fefc930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/aol.png

172.66.45.29

200 OK

18 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/aol.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 1280 x 511, 8-bit gray+alpha, non-interlaced
Size
18 kB (17665 bytes)
Hash
7c7cf7681aee5e76ca1a7dbf2ec7c318
f49db999fd79caec4192dc372e0357753df5a004
6a9935d6d50e144151e34c0b42b5222853231ee05f51533cc8f1de146e275f8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/aol.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:05 GMT
content-type: image/png
content-length: 17665
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e4cabf90e1eb0c4b5779057215e6192f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsdOCgbfAvZij60c1%2BbpR4WFx3gNidpYw7UuzQAviKN6yI%2B%2B%2BvKxT%2B6Gts5nKp91FEwWHYQqfxgzDYfLpT0JTy3BvUJXBO5SWd4yb5YDgwDaZeAYgrVLX%2FD%2BKABu30lk2iBTwMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5ff02930c-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.docusign.com/sites/all/themes/custom/docusign/favicons/favicon.ico

151.101.194.133

1.4 kB

URL GET
www.docusign.com/sites/all/themes/custom/docusign/favicons/favicon.ico
IP
151.101.194.133:0
ASN
#54113 FASTLY

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerDigiCert Inc
Subjectwww.docusign.com
Fingerprint5F:31:61:BD:DE:05:B5:B8:2E:85:BB:2E:E8:94:02:54:07:D9:8E:E8
ValidityWed, 29 Nov 2023 00:00:00 GMT - Thu, 12 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
1.4 kB (1362 bytes)
Hash
2f656f44f3bb7aae0b32a718785010da
e587361f27963fbf38fa689e15d7d39a3aa3464f
820a8b3c2ce442fc5c7fae21b8238b81cff97a648255fb73c9fedc41e7e685ce

HTTP Headers

GET /sites/all/themes/custom/docusign/favicons/favicon.ico HTTP/1.1
Host: www.docusign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=31622400
content-type: image/x-icon
etag: "661823db-3c2e"
expires: Sat, 12 Apr 2025 18:11:23 GMT
last-modified: Thu, 11 Apr 2024 17:54:35 GMT
server: nginx
x-pantheon-styx-hostname: styx-fe3-a-5f9948b58b-k5bfv
x-styx-req-id: e7e83783-f82e-11ee-99b3-2292d355d24b
content-encoding: gzip
x-timer: S1713302361.800345,VS0,VE114
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 468642
date: Wed, 17 Apr 2024 04:22:05 GMT
x-served-by: cache-chi-kigq8000093-CHI, cache-hel1410027-HEL, cache-hel1410025-HEL
x-cache: HIT, MISS, HIT
x-cache-hits: 0, 0, 0
vary: Accept-Encoding, X-Original-Host
strict-transport-security: max-age=31557600; includeSubDomains; preload
set-cookie: ds_ts_re=0; HttpOnly; SameSite=Strict; Secure; Path=/
content-length: 1362
X-Firefox-Spdy: h2

cdn.glitch.global/8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4

151.101.2.132

206 Partial Content

1.0 MB

URL GET HTTP/2
cdn.glitch.global/8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4
IP
151.101.2.132:443
ASN
#54113 FASTLY

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectcdn.glitch.global
FingerprintF2:EB:85:15:C1:89:0D:2A:EF:A5:2E:07:1E:4F:69:31:EF:1C:8C:06
ValiditySun, 31 Mar 2024 19:31:34 GMT - Sat, 29 Jun 2024 19:31:33 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
1.0 MB (1038677 bytes)
Hash
bd323e70746edb16b6f60c911beb482a
98d1b075f7df0201519d253c8c7c762f846faeb7
51a863fbfdf348567c1af46f26df521afa6aed36ee2623e00dd30c52fcb9727d

HTTP Headers

GET /8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4 HTTP/1.1
Host: cdn.glitch.global
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
x-amz-id-2: qXOqNmjef5euvfhVbuyKWHNHSfusznrX8q70XgPUmX4ryfc2no7PJ24cQhX7DU0z2FyFGAdzrPs=
x-amz-request-id: 56K9S0MNVQ9657A3
last-modified: Mon, 04 Apr 2022 12:42:29 GMT
etag: "710095c093f6424f5bad42c310538527"
cache-control: max-age=31536000
content-type: video/mp4
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
access-control-allow-methods: GET, HEAD, POST
access-control-allow-origin: *
content-security-policy: script-src 'none'
accept-ranges: bytes
age: 56252
content-range: bytes 0-20737963/20737964
date: Wed, 17 Apr 2024 04:22:05 GMT
x-served-by: cache-iad-kiad7000062-IAD, cache-hel1410033-HEL
x-cache: HIT, MISS
x-cache-hits: 139, 0
x-timer: S1713327725.959729,VS0,VE563
content-length: 20737964
X-Firefox-Spdy: h2

docu-y5u.pages.dev/css/app.css

172.66.45.29

200 OK

5.4 kB

URL GET HTTP/2
docu-y5u.pages.dev/css/app.css
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
ASCII text, with very long lines (5963), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
07d5952f39e1532b74e6dd601315277c
bcafc41525a0bd895f9f916e2c0e94c1b57dfc16
e016dc8cf3f4e17c4a49a20055e88f0c127aadd7add80c93b4e8fbb6ac63a1df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /css/app.css HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:22:04 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e3fce4bcdec1fd1ce710d5dce319bf87"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edBKwpc%2Fo%2FHgawBYkfsTnVP%2BANtfc7wGDpwuJf4n08iC7VFdZ2QAjJ7wyJjZMw6PSmdtM36sXwRwklXX65gi57enNPvhirRAuZO3DyGuR4Vx59BbPE2FUpC66dJlPs3gQtRTSxA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759a1c5fef6930c-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dev-dewdropdee.pantheonsite.io/docusign/jquery.js

23.185.0.3

200 OK

291 kB

URL GET HTTP/2
dev-dewdropdee.pantheonsite.io/docusign/jquery.js
IP
23.185.0.3:443
ASN
#54113 FASTLY

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
Fingerprint23:29:40:F0:5B:2A:65:6E:BF:46:58:A1:10:8F:CF:AE:E4:77:7A:DA
ValidityWed, 24 Jan 2024 20:55:39 GMT - Tue, 23 Apr 2024 20:55:38 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
291 kB (290960 bytes)
Hash
24fa855a7678b1938f16235881e3e80b
67b6c9946134456d67c07765d230130d8679f8c6
f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /docusign/jquery.js HTTP/1.1
Host: dev-dewdropdee.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"661d1603-47090"
expires: Wed, 17 Apr 2024 04:22:03 GMT
last-modified: Mon, 15 Apr 2024 11:56:51 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe3-a-5bb59f7746-p9fns
x-styx-req-id: 0b466aef-fc72-11ee-b904-fa2791b3e6ad
cache-control: no-cache, must-revalidate
date: Wed, 17 Apr 2024 04:22:04 GMT
x-served-by: cache-chi-kigq8000128-CHI, cache-hel1410033-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1713327724.007994,VS0,VE129
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

dev-dewdropdee.pantheonsite.io/docusign/basic.js

23.185.0.3

200 OK

36 kB

URL GET HTTP/2
dev-dewdropdee.pantheonsite.io/docusign/basic.js
IP
23.185.0.3:443
ASN
#54113 FASTLY

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
Fingerprint23:29:40:F0:5B:2A:65:6E:BF:46:58:A1:10:8F:CF:AE:E4:77:7A:DA
ValidityWed, 24 Jan 2024 20:55:39 GMT - Tue, 23 Apr 2024 20:55:38 GMT

File type
JavaScript source, ASCII text, with very long lines (35144), with CRLF line terminators
Size
36 kB (35699 bytes)
Hash
5af9bf9a47127fddf38c831e18dc46a9
7f6243622ced63d9235beef3082402bbc933714f
1f660ae815346f1f9c5b16a973a51686aaaa9bc2753ec5b762c0355d7f0e4b39

HTTP Headers

GET /docusign/basic.js HTTP/1.1
Host: dev-dewdropdee.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"661d3ca1-8b73"
expires: Wed, 17 Apr 2024 04:22:03 GMT
last-modified: Mon, 15 Apr 2024 14:41:37 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe3-b-c7695954b-j89kr
x-styx-req-id: 0b4a72b2-fc72-11ee-9a7b-52727175423c
cache-control: no-cache, must-revalidate
date: Wed, 17 Apr 2024 04:22:04 GMT
x-served-by: cache-chi-klot8100095-CHI, cache-hel1410033-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1713327724.032651,VS0,VE138
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

pub-5691982c40c64203bca01fa8c9e26722.r2.dev/favicon.ico

0.0.0.0

0 B

URL GET
pub-5691982c40c64203bca01fa8c9e26722.r2.dev/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-5691982c40c64203bca01fa8c9e26722.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5691982c40c64203bca01fa8c9e26722.r2.dev/indexjs.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate