Report - pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html

Report Overview

Submitted URL
pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
IP
104.18.2.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 18:03:02
Access
public
Website Title
DocuSign Share File
Final URL
pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/910958da-0fdd-4638-b7ca-26efba10ec50
Tags
docusign phishing
urlquery detections
Phishing - Docusign

Detections

urlquery
13
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pub-67e1775130984d3b982c6ca41261bc0c.r2.dev	unknown	unknown	No data	No data	999 B	894 B	104.18.2.35
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-08	404 B	5.5 kB	104.17.25.14
docucdn-a.akamaihd.net	10361	2009-09-14	2014-04-10	2024-05-07	442 B	1.7 kB	23.36.76.243
seeklogo.com	56607	2008-08-23	2012-05-31	2024-04-30	437 B	3.7 kB	172.67.190.76
dev-sqlmfia.pantheonsite.io	unknown	2016-01-29	2024-01-28	2024-04-18	893 B	148 kB	23.185.0.3
www.docusign.com	21972	1999-06-14	2012-10-04	2024-05-06	432 B	845 B	0.0.0.0
cdn.glitch.global	282615	2021-09-09	2022-01-13	2024-04-13	489 B	1.7 MB	151.101.194.132
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24	2024-05-07	389 B	31 kB	152.199.19.160
docu-y5u.pages.dev	unknown	2020-09-02	2023-08-12	2024-04-17	3.7 kB	883 kB	172.66.45.29
i.imgur.com	5110	2009-01-09	2012-05-21	2024-05-08	383 B	35 kB	151.101.244.193
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-07	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html	DocuSign

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/910958da-0fdd-4638-b7ca-26efba10ec50	12 kB	2024-04-20	2024-05-08
Pretty URL pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/910958da-0fdd-4638-b7ca-26efba10ec50 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-20 18:53:50 Last Seen2024-05-08 20:03:08 Times Seen3 Hash 9e652c766c5204419eec8841a3883aba 7d5dd55c0db2acfddfe905705dc06638a4a90cdd 138138f107c11ef2e6d3a2b4c28738040f3c389567c189d6fce4de07ac828a2f Loading...

	ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-20 02:18:04 Times Seen115149 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-19 09:12:25 Times Seen3767 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

HTTP Transactions (21)

URL IP Response Size

pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html

104.18.2.35

200 OK

587 B

URL User Request GET HTTP/1.1
pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
587 B (587 bytes)
Hash
e147b3c5b0770cc094c4723053bed794
2d08f1c1099114ac80b8e35d342c237ca91cd9ed
1a3dba09f2bc53b1b799a8b6cd9587c662f7b76a97cedc3b5309beda003374cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign
OpenPhish	phishing	DocuSign
PhishTank	phishing	Other

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-67e1775130984d3b982c6ca41261bc0c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:02:38 GMT
Content-Type: text/html
Content-Length: 587
Connection: keep-alive
Accept-Ranges: bytes
ETag: "e147b3c5b0770cc094c4723053bed794"
Last-Modified: Fri, 19 Apr 2024 19:36:43 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880b5c9f5ac70b4d-OSL

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.25.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.5 kB (4517 bytes)
Hash
053305c2b293c27c02523cda42962c09
556b0af7346b9e21a8eea1be8b195b563169ecd5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 593746
expires: Mon, 28 Apr 2025 18:02:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAu9jNDZ7An7pY1YXHKFzoRBLIBy3XHiIbehrf5ltFpu233Fb1O08LtzKWI2l4PrhEloRGM7t%2BVOFmFGtj%2FMGhQttScZnplhlb%2BKu0wr86QfrMljAGfj%2BvrTV4bhKsAhgBqo14MG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880b5ca938455699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

152.199.19.160

200 OK

30 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint86:E0:37:E4:B1:31:51:81:DD:54:33:82:FF:4D:EB:D1:15:5F:65:C4
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30394 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 3858158
cache-control: public,max-age=31536000
content-type: application/javascript
date: Wed, 08 May 2024 18:02:38 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F6AE)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2

docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg

23.36.76.243

200 OK

1.3 kB

URL GET HTTP/2
docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg
IP
23.36.76.243:443
ASN
#20940 Akamai International B.V.

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint28:39:AF:63:7D:02:E8:F7:17:23:A0:EE:E0:C9:2F:9C:64:17:68:0A
ValidityThu, 18 Apr 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1257 bytes)
Hash
440fe9f91ffea5c808b75d74298423e7
c42c5c7b43ef49f1c1a3191efd5624477e9cc549
7c5e35b0c8299b8660a9c4f4393c7af2ced0143540a1ecdf266d174b690b779b

HTTP Headers

GET /olive/images/2.47.0/header-logos/docusign.svg HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "440fe9f91ffea5c808b75d74298423e7:1660684826.417675"
last-modified: Fri, 12 Aug 2022 19:56:41 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31529300
date: Wed, 08 May 2024 18:02:39 GMT
content-length: 1257
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2

seeklogo.com/images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png

172.67.190.76

200 OK

2.5 kB

URL GET HTTP/2
seeklogo.com/images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png
IP
172.67.190.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectseeklogo.com
Fingerprint79:1C:65:70:D5:30:59:87:BB:3C:90:04:40:65:19:45:8D:96:3A:37
ValiditySun, 31 Mar 2024 10:17:27 GMT - Sat, 29 Jun 2024 10:17:26 GMT

File type
PNG image data, 300 x 300, 8-bit colormap, non-interlaced
Size
2.5 kB (2527 bytes)
Hash
539bae789201d3577c14106c34df631d
b00ad53a3779811136b4e8ec979c5f1574929889
2f2dc59ea0dc82ff30683861f43987f900f1861a6635de031264a69577d62eb4

HTTP Headers

GET /images/D/docusign-logo-2C4F5FAE95-seeklogo.com.png HTTP/1.1
Host: seeklogo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 2527
cache-control: public, max-age=31536000
last-modified: Sun, 27 Nov 2022 01:23:07 GMT
etag: "1d901fecdc9865f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-download-options: noopen
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 3772
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fvp4TBz6ggfJsdrc7CBzBBDK9qwiYPYSoRgOUZ%2BoiNucXo%2FnUk4tPnjTpcUi7GYqNeoNpoxpah%2BJ2zPnMsI8j0Xd6Djj3Dz4fseUpQm%2B0tvBQwvOlznK7nX52mQ0Zww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9efd756b1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/look.png

172.66.45.29

200 OK

34 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/look.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
34 kB (34316 bytes)
Hash
a3cdfeaf028cf60d90337ce4bb1b632f
44f084707b89b3a999b9a58c06e872ac6ca909d3
2f128c34e99f47c352178964fc87af68352b7395984d68313bba7a5b2647abaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/look.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 34316
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "920f141cb9133095ad177d782f9c63dd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nNuI8W0R26iAXeT6s0f3Z1GmDYf5oAg6DlDK22CUZv73FuesPcWGb1jLP1DS8BtowcoAJTEZ5A1S72rXc4JIcu1BJIv8uDArMJv5UoKhGIxmBo6%2Bmlkhc8HgmuRL0sp%2FXeUaSHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9c80456ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/aol.png

172.66.45.29

200 OK

18 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/aol.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 1280 x 511, 8-bit gray+alpha, non-interlaced
Size
18 kB (17665 bytes)
Hash
7c7cf7681aee5e76ca1a7dbf2ec7c318
f49db999fd79caec4192dc372e0357753df5a004
6a9935d6d50e144151e34c0b42b5222853231ee05f51533cc8f1de146e275f8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/aol.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 17665
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e4cabf90e1eb0c4b5779057215e6192f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nnSsxxvzT71ghAP2MMLKPRxG%2B4JK7OZmDMvTof7r%2BOrHE7MN3f9bRTAtlLM01Hg5PoeoA7UQ5Y24Tp9iRo40ty3b0CBq7YuVacEAn77OSAu8G9kOHWiMAKzT%2BUResuu7lCQWOHI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9cffa56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/other1.png

172.66.45.29

200 OK

22 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/other1.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
Size
22 kB (21882 bytes)
Hash
6843a244e12fab158aa189680b5e7049
0e1c691f87cc4fa35c88344974f2829c40176b70
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/other1.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 21882
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ce396a535465db1166706e8f2fd2d252"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjltTLP3KLt%2FvgL1w%2F254vv2BlO%2FggcYygH4hKwgJRqdcGrYJMEgxXeTSIqofNkEEnLxg6p1IzK%2FUJ7VZ3uWMfrjl2cWMeRHP%2FF39FSj17zTE16wLWpv%2Boy0PZ%2BenibUKLWv4MQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9c80656ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/yah2.png

172.66.45.29

200 OK

67 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/yah2.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 2560 x 709, 8-bit/color RGBA, non-interlaced
Size
67 kB (67162 bytes)
Hash
0a7edf5ea8f987f8f6f3f60c5446cbbf
5114aa0685e69b614ee4ed77a37ab187bd5e560f
4e5feb95191aebc6cb65710a428c70c2411c7ac6cf5e1946b221c2f1b92ed0c8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/yah2.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 67162
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c3d42417b96cb75c4dd06d01c853808c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r88X%2B%2BtKP0UGh20DPRK%2FmyoS9R1tLMTUKtfxthqzfF6wIfBJTDfVL7I8iFb4tuXAJ9Qvy4Qa01NDbpgwUbYnAg06Dg72jUrLS729RpX3TNQ3aZEXGowJ87UNGBIVxGIonhHdUFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9c80256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/yah.png

172.66.45.29

200 OK

72 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/yah.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 840x544, components 3
Size
72 kB (72145 bytes)
Hash
4449f4d52b3c39575efe9e8dd1deea4c
630364eeb6ccc5c8fdeca83cd580034e38e3ae08
41c25e225507c2f7aea38f876a90c5963a12807f110e08956082acf23a03e8ab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/yah.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 72145
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6c1e8f13444033b5d6f6d16fd6bc0927"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQiTWpFzhEwutXEt7mpSVz2xaGr5WFFVVgI%2F%2Fbu50dK%2FgIsBrx3bXtTWZ22tljGu9hS5QDLkvO5vE%2BrzUwnfijwVnI9leRjGOT%2BGzLVc9DxwjENBbSxSbGw8nTR5NS2DwDgRfag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9cffd56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/office3651.png

172.66.45.29

200 OK

18 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/office3651.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Size
18 kB (18147 bytes)
Hash
a5cdadd60382e9ae6228121542eb1c2a
cec15f6470d0237569e931d7d11752b41ac5d8a3
71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/office3651.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 18147
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "4e0f64e8bb5ef17abb09f0a04ee8d19d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2FDL%2BPmOBDzrpEeRnEvqeJoPETdzcxPZ4%2B3kuuWkMDFGoIMB3PBkTnp4UZyYQiOUQj%2B4JcRV336Mrppx%2B3TLQZK60SbOz2VL9S2dEs0%2BYtuCQBPnHCdkuLqxu6En5A6lJJLJT%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9c80156ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/offi.png

172.66.45.29

200 OK

64 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/offi.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 864 x 1024, 8-bit/color RGBA, non-interlaced
Size
64 kB (64019 bytes)
Hash
ada6a19789e5c72533c9872541ba42a6
5192839b8888eead65db3ccee7fd68e86e7ccb53
0c1ebf2bbc55550d5f3c379f178f308a1d45e4e885a623a118d3689b1be6c704

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/offi.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 64019
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "75591e4741ce99b7b9792c6359ec3b86"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNXhgUx0jgF%2FrT6w5qIenCs7qh9XCHxA82YxucfU8W0n3tCd%2B8EhTRhKa2KuQOW33WAbYqRn82FstFv6deo28HAbIxdI%2B%2FBOTIijHDn9TiXFvQjCk3xRCBEk4S2mWYZ07DfVV5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9c80056ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

docu-y5u.pages.dev/images/mailo.png

172.66.45.29

200 OK

578 kB

URL GET HTTP/2
docu-y5u.pages.dev/images/mailo.png
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
PNG image data, 600 x 596, 8-bit/color RGBA, non-interlaced
Size
578 kB (578451 bytes)
Hash
b291bda6b904cd07b552b3ce84266143
d24f424286c59aab5672248de698281be4c1929b
86b84a5512c4a5d4af354ca4978a018f17472e301b4ba7e86a178cdacb709bf3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /images/mailo.png HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: image/png
content-length: 578451
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7ab2cbf852b6162148c033e18b91a6ed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2FOt7jiJ8nczb8s9DCB8jHnULYoL6mYR5Ui2ZVbhgdJAHObPf1goO3DpAGpW%2B5xaCYWdRvzXEfgysP8PLbfYA6jOwrhyG9sL%2BhWngRiwyhUJiqb1N9mYhBYTb8p%2BOG7MsoAKEHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9cfff56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.imgur.com/5yZj1kl.png

151.101.244.193

200 OK

34 kB

URL GET HTTP/2
i.imgur.com/5yZj1kl.png
IP
151.101.244.193:443
ASN
#54113 FASTLY

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerSectigo Limited
Subject*.imgur.com
Fingerprint39:5B:E1:0D:4A:FC:A4:C7:F3:71:DE:C4:5C:12:69:F9:5F:58:9F:42
ValidityThu, 15 Feb 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
34 kB (34197 bytes)
Hash
1d2139ee0d22054e95c8e0fdec395691
eda09f92c8685eec7e31414b3237bda06e331b45
b571e2ee5a15b8ef193d859efd2ad277691302ba2aeca7c4c2d23dfbc768fa8b

HTTP Headers

GET /5yZj1kl.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 29 Nov 2022 15:29:15 GMT
etag: "1d2139ee0d22054e95c8e0fdec395691"
x-amz-cf-pop: IAD12-P2
x-amz-cf-id: Gb4BdggNjqLGSNqIHQlSrGUObW7P8mV3yDC0rUkZ3ZTRTTsvQUNbQg==
cache-control: public, max-age=31536000
accept-ranges: bytes
age: 1335427
date: Wed, 08 May 2024 18:02:39 GMT
x-served-by: cache-iad-kcgs7200055-IAD, cache-hel1410032-HEL
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 857, 0
x-timer: S1715191359.158442,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 34197
X-Firefox-Spdy: h2

dev-sqlmfia.pantheonsite.io/sqlfax/jquery.js

23.185.0.3

200 OK

111 kB

URL GET HTTP/2
dev-sqlmfia.pantheonsite.io/sqlfax/jquery.js
IP
23.185.0.3:443
ASN
#54113 FASTLY

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
FingerprintF0:B6:EE:9C:03:9F:B0:36:8C:F7:7A:BA:A2:D4:49:C5:4D:32:99:59
ValidityMon, 22 Apr 2024 16:38:54 GMT - Sun, 21 Jul 2024 16:38:53 GMT

File type
gzip compressed data, max speed, from Unix
Size
111 kB (110772 bytes)
Hash
8172d84689322bdaeea75e7ce7bb11dc
df3b3ca0004c9ed0360aa7de9360227760f14310
e44c60199f4b663ade3558c66039debab3d5dbc843d6b9ae4b73048ed62d654f

HTTP Headers

GET /sqlfax/jquery.js HTTP/1.1
Host: dev-sqlmfia.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"65b2d514-47090"
expires: Wed, 08 May 2024 18:02:37 GMT
last-modified: Thu, 25 Jan 2024 21:39:32 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe3-a-b789bbb5d-9rbpc
x-styx-req-id: 27fa16aa-0d65-11ef-8076-faa25f1afe88
cache-control: no-cache, must-revalidate
date: Wed, 08 May 2024 18:02:38 GMT
x-served-by: cache-chi-kigq8000028-CHI, cache-hel1410024-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1715191358.466504,VS0,VE137
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

docu-y5u.pages.dev/css/app.css

172.66.45.29

200 OK

2.7 kB

URL GET HTTP/2
docu-y5u.pages.dev/css/app.css
IP
172.66.45.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectdocu-y5u.pages.dev
Fingerprint33:58:96:C8:3B:5C:69:F2:98:7D:AC:6E:8C:3B:F7:F0:10:52:FA:65
ValidityThu, 04 Apr 2024 12:13:02 GMT - Wed, 03 Jul 2024 12:13:01 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
2.7 kB (2702 bytes)
Hash
9a6e2d743d1d9d8f0248181ef653a179
7787807a7f438b96b250499dd0c3171e15c4133c
abede81197469472079897b5bbfdea971d5df79e9ee8f6e166825a3061b0f3ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /css/app.css HTTP/1.1
Host: docu-y5u.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:02:39 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e3fce4bcdec1fd1ce710d5dce319bf87"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MOfgQfGO695hEY%2BeA7qxg8SM8eQ9SjBoXlpQN%2BHn3Eth6e4zfehMTihmz5A7cgnAlP2crFOhu9j%2BShSW%2Bu%2B2ScOOXKEDIRFwpBcQxJResPcbb%2BwGmOD19Sdc7%2FcIyD%2Fc3Mg52Qc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b5ca9cff556ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=TP2m2wr1A0iYP5-ZSyuKX8Zv1TGQkKjHjF1MJrFxTqT_cic6JnLmg3_hd24-fVejB13Lvh7BshytX6TYto4X012aPfTNNeFa2PdVGauVCH9wnAAvx8bFb51iw585jilD
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 18:01:01 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 115
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

www.docusign.com/sites/all/themes/custom/docusign/favicons/favicon.ico

0.0.0.0

0 B

URL GET
www.docusign.com/sites/all/themes/custom/docusign/favicons/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerDigiCert Inc
Subjectwww.docusign.com
Fingerprint2E:4B:A6:1E:A7:6D:EE:E5:14:17:84:6E:4B:CF:55:45:30:B5:3A:69
ValidityTue, 07 May 2024 00:00:00 GMT - Sat, 07 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sites/all/themes/custom/docusign/favicons/favicon.ico HTTP/1.1
Host: www.docusign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=31622400
content-type: image/x-icon
etag: "66237e3a-3c2e"
expires: Mon, 21 Apr 2025 11:52:06 GMT
last-modified: Sat, 20 Apr 2024 08:35:06 GMT
server: nginx
x-pantheon-styx-hostname: styx-fe3-b-c7695954b-blb9d
x-styx-req-id: 69236a6b-ff0c-11ee-9bde-7e3417314868
content-encoding: gzip
x-timer: S1713847238.088117,VS0,VE112
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 May 2024 18:02:39 GMT
age: 1577434
x-served-by: cache-chi-kigq8000093-CHI, cache-hel1410027-HEL, cache-hel1410031-HEL
x-cache: HIT, MISS, HIT
x-cache-hits: 0, 0, 320
vary: Accept-Encoding, X-Original-Host
strict-transport-security: max-age=31557600; includeSubDomains; preload
set-cookie: ds_ts_re=0; HttpOnly; SameSite=Strict; Secure; Path=/
content-length: 1362
X-Firefox-Spdy: h2

dev-sqlmfia.pantheonsite.io/sqlfax/basic.js

23.185.0.3

200 OK

36 kB

URL GET HTTP/2
dev-sqlmfia.pantheonsite.io/sqlfax/basic.js
IP
23.185.0.3:443
ASN
#54113 FASTLY

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
FingerprintF0:B6:EE:9C:03:9F:B0:36:8C:F7:7A:BA:A2:D4:49:C5:4D:32:99:59
ValidityMon, 22 Apr 2024 16:38:54 GMT - Sun, 21 Jul 2024 16:38:53 GMT

File type
JavaScript source, ASCII text, with very long lines (35164), with CRLF line terminators
Size
36 kB (35719 bytes)
Hash
6a3f2993f18f8231c1708e4fd1425eb9
95e57e4af4ef3f46537c33b9b6c7a501afb6c7ff
d32ba80189c7a4631859c3085c0ecaa9925f6602d7deba95d5050ad667ca9a63

HTTP Headers

GET /sqlfax/basic.js HTTP/1.1
Host: dev-sqlmfia.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"6622c6fd-8b87"
expires: Wed, 08 May 2024 18:02:37 GMT
last-modified: Fri, 19 Apr 2024 19:33:17 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe3-a-b789bbb5d-84gzx
x-styx-req-id: 27fd62cb-0d65-11ef-bc95-aa06d938f058
cache-control: no-cache, must-revalidate
date: Wed, 08 May 2024 18:02:38 GMT
x-served-by: cache-chi-kigq8000137-CHI, cache-hel1410024-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1715191358.486439,VS0,VE135
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

cdn.glitch.global/8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4

151.101.194.132

206 Partial Content

1.7 MB

URL GET HTTP/2
cdn.glitch.global/8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4
IP
151.101.194.132:443
ASN
#54113 FASTLY

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subjectcdn.glitch.global
FingerprintF2:EB:85:15:C1:89:0D:2A:EF:A5:2E:07:1E:4F:69:31:EF:1C:8C:06
ValiditySun, 31 Mar 2024 19:31:34 GMT - Sat, 29 Jun 2024 19:31:33 GMT

File type

Size
1.7 MB (1654775 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /8d5109a6-1873-4f95-9253-bd838b3669c7/video.mp4 HTTP/1.1
Host: cdn.glitch.global
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
x-amz-id-2: qXOqNmjef5euvfhVbuyKWHNHSfusznrX8q70XgPUmX4ryfc2no7PJ24cQhX7DU0z2FyFGAdzrPs=
x-amz-request-id: 56K9S0MNVQ9657A3
last-modified: Mon, 04 Apr 2022 12:42:29 GMT
etag: "710095c093f6424f5bad42c310538527"
cache-control: max-age=31536000
content-type: video/mp4
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
access-control-allow-methods: GET, HEAD, POST
access-control-allow-origin: *
content-security-policy: script-src 'none'
accept-ranges: bytes
age: 244121
content-range: bytes 0-20737963/20737964
date: Wed, 08 May 2024 18:02:39 GMT
x-served-by: cache-iad-kiad7000062-IAD, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 2347, 0
x-timer: S1715191360.741200,VS0,VE1
content-length: 20737964
X-Firefox-Spdy: h2

pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/favicon.ico

0.0.0.0

0 B

URL GET
pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Docusign

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-67e1775130984d3b982c6ca41261bc0c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-67e1775130984d3b982c6ca41261bc0c.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate