{"report_id":"57696dfd-f59a-4a92-9c4f-9a39988d251e","version":6,"status":"done","tags":["docusign","phishing","suspicious","telegram_bot"],"date":"2026-06-03T10:06:43Z","url":{"schema":"http","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":0,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"final":{"url":{"schema":"https","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"title":"DocuSign Login - Enter your password to sign in","dom":{"size":25386,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14647)","md5":"2d3c0a50c62a9bf3a947d7abd18a9282","sha1":"9a0b921fc87ee07d07ee3a8222ae04457a4affd5","sha256":"d426ba27033b33ac3bd31a07646f87bd8ea32c6ba390b88575bca09deb58af05","sha512":"81bf9f40a44083870c1d0067f93f9b335d12d0940813ead2bb98c8ec56ecfd7836107f5fc09447b08b963a658b254815efe09695439940a940b876a30ca7566b","ssdeep":"768:X/9y/TAUrSVjp1v17EQCueM/bvyz0b92sc7UGePKzZuKj1ee6ze5K6rJH10O0tO4:M/TAUrSV9ezeerz0O0tOtH0Xf5n","tlshash":"f0b2f921a202253a5417c9ca6656b70bb0f2f20adc53c736fab943648fe3dd37623749","dom_hash":"domhash7d00f4e9cda84fc0be3d4df6e7b77c32","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":0,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T10:06:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":4,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-03T10:06:23Z","timestamp":1780481183,"ip_dst":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49594,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-06-03T10:06:23.317800+0000\",\"flow_id\":512703074387487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.27\",\"src_port\":49594,\"dest_ip\":\"104.26.12.205\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":915,\"bytes_toclient\":3512,\"start\":\"2026-06-03T10:06:23.312863+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"al-akshaintl.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DocuSign","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DocuSign phishing","tags":["docusign","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"summary":[{"fqdn":"api.ipify.org","ip":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-06-01T13:23:11.84445Z","alert_count":0,"request_count":1,"received_data":269,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"al-akshaintl.com","ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"domain_registered":"2023-06-15","domain_rank":0,"first_seen":"2026-06-03T02:53:27.011313Z","last_seen":"2026-06-03T02:53:27.011313Z","alert_count":8,"request_count":2,"received_data":26826,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]}]},{"fqdn":"docucdn-a.akamaihd.net","ip":{"addr":"23.36.76.139","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2009-09-14","domain_rank":51084,"first_seen":"2014-04-10T18:55:33Z","last_seen":"2026-06-02T23:43:08.066682Z","alert_count":0,"request_count":1,"received_data":2996,"sent_data":442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2026-06-01T07:27:10.818968Z","alert_count":0,"request_count":1,"received_data":86564,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"logo.clearbit.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2003-07-04","domain_rank":185091,"first_seen":"2015-06-30T16:39:45Z","last_seen":"2026-06-02T15:51:13.240688Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":392,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"md5":"223fe5f60f19a3b99e8ef1f4bc95808f","sha1":"815db07de9d7f749382adbcb9f53d4d8586cfe6a","sha256":"3e23e96c6f763ed5bed796227c623f6330b2125c4e5b07024f3a94c061651728","sha512":"1658406ecfa4c644a3a831293e12aab2e54a29a02c71dc340b1b7f98d165e87bb7a665da8ab415db9cf1b31bda37612acec4e8ccf138138d4dccb8b1e04b5f51","size":3190,"token":"7160511418:AAGmX7q9Wk7iix-wW43ktfDbxFyPBdtgwAs","is_revoked":false,"bot":{"token":"7160511418:AAGmX7q9Wk7iix-wW43ktfDbxFyPBdtgwAs","user_id":"7160511418","username":"DomainsLogs_bot","first_name":"DomainsLogs","last_name":"","chat":{"chat_id":"5680268906","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":2}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DocuSign","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DocuSign phishing","tags":["docusign","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"introduction_type":"eventHandler","is_inline":false,"md5":"55d41bf1762ab367e34869095adc637a","sha1":"a971c369972c389b280912b9f0c0cf3732694b8d","sha256":"90cafbf1ac4ef47a2ef629011d29aae0bac2c7d96f05506c1df4f5646c417925","sha512":"71c77c6f6c8528716d50dc83abea2ed1fca8a3743f463e39807695a694a82b680806902a621ec0fd4e2479b19d3a7834ac3d62a516ec1f6544cf850beb9cba7a","ssdeep":"","tlshash":"c7200000000000000000030000000000c0000000000000000000000000030000000000","size":3,"data":"","first_seen":"2023-11-26T01:58:04Z","last_seen":"2026-06-03T10:06:45.214519Z","times_seen":5125,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-07T15:02:20.028686Z","times_seen":283778,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"introduction_type":"scriptElement","is_inline":true,"md5":"223fe5f60f19a3b99e8ef1f4bc95808f","sha1":"815db07de9d7f749382adbcb9f53d4d8586cfe6a","sha256":"3e23e96c6f763ed5bed796227c623f6330b2125c4e5b07024f3a94c061651728","sha512":"1658406ecfa4c644a3a831293e12aab2e54a29a02c71dc340b1b7f98d165e87bb7a665da8ab415db9cf1b31bda37612acec4e8ccf138138d4dccb8b1e04b5f51","ssdeep":"","tlshash":"626111d7759b04b40aea60e6593b834c35b0810b3c00c944b82c9114af35faab57ffd9","size":3190,"data":"","first_seen":"2026-06-03T02:53:30.816171Z","last_seen":"2026-06-03T10:06:45.215082Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"docucdn-a.akamaihd.net/olive/images/2.47.0/header-logos/docusign.svg","fqdn":"docucdn-a.akamaihd.net","domain":"docucdn-a.akamaihd.net","tld":"akamaihd.net"},"ip":{"addr":"23.36.76.139","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","date":"2026-06-03T10:06:22.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a248.e.akamai.net","organization":"Akamai Technologies, Inc."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 22 Dec 2025 00:00:00 GMT","end":"Tue, 22 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:B2:9F:CE:36:F7:1B:99:CD:BB:71:38:B2:10:7D:02:2D:47:8A:F9","sha256":"79:2C:E7:17:B6:65:CA:8A:0A:ED:F9:F7:A3:BA:68:BD:15:B7:BF:81:DA:35:4E:2C:7D:C4:86:9B:F9:F2:2E:62"}}},"request":{"raw":"GET /olive/images/2.47.0/header-logos/docusign.svg HTTP/1.1\r\nHost: docucdn-a.akamaihd.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\netag: \"440fe9f91ffea5c808b75d74298423e7:1660684826.417675\"\r\nlast-modified: Fri, 12 Aug 2022 19:56:41 GMT\r\nserver: AkamaiNetStorage\r\ncontent-encoding: br\r\ncontent-length: 1217\r\ncache-control: max-age=31536000\r\ndate: Wed, 03 Jun 2026 10:06:23 GMT\r\nalt-svc: h3=\":443\"; ma=93600,h3-29=\":443\"; ma=93600\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2544,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"440fe9f91ffea5c808b75d74298423e7","sha1":"c42c5c7b43ef49f1c1a3191efd5624477e9cc549","sha256":"7c5e35b0c8299b8660a9c4f4393c7af2ced0143540a1ecdf266d174b690b779b","sha512":"0483120687cb3130c1830a1fdbccc82a2200d72552be14fa3ae4b73899de1576095b25c3b277b80206190580ca859f87cd38eeeb7ab29c1a49f79841b78d0068","ssdeep":"","tlshash":"c15175e5073461ccf5e71d7bee372885671db8fa7e7681c2824ace948482c54ee45c20","first_seen":"2023-08-10T06:49:41Z","last_seen":"2026-06-03T10:06:45.210287Z","times_seen":2235,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":102,"dns":83,"connect":1,"send":0,"wait":30,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","date":"2026-06-03T10:06:22.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 02:21:40 GMT\r\nexpires: Fri, 28 May 2027 02:21:40 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 546283\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85578,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-07T15:02:20.028686Z","times_seen":283778,"resource_available":true,"data":null}},"time_used":509,"timings":{"blocked":221,"dns":1,"connect":29,"send":0,"wait":30,"receive":30,"ssl":194},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logo.clearbit.com/","fqdn":"logo.clearbit.com","domain":"clearbit.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","date":"2026-06-03T10:06:23.290Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: logo.clearbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T15:09:50.158129Z","times_seen":16214810,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/?format=json","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","date":"2026-06-03T10:06:23.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Apr 2026 21:16:17 GMT","end":"Tue, 28 Jul 2026 22:16:15 GMT"},"fingerprint":{"sha1":"6D:CC:48:D6:E1:8C:50:0D:7C:B9:13:15:F0:18:E0:73:56:59:60:F7","sha256":"00:FD:76:18:CB:8D:B6:5A:4C:B7:0A:37:77:28:B1:01:5C:3D:6A:E4:2D:06:02:C1:9D:B8:6B:F8:6F:F8:31:77"}}},"request":{"raw":"GET /?format=json HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://al-akshaintl.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Jun 2026 10:06:23 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a05de283c98d5688-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d69c71af0f191e9a72db6153f8018d1","sha1":"f67c5f2887bc05654b47f76e9621e53a4091aed1","sha256":"5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65","sha512":"fdf43a8f3d843fe9008949d6709c8e2a5cd640f6101522319745f0a829f21dc8f4bd4d70ff3e2f6e1fd53ca0d2dd872bf3588c593a403071102ab28763cbdba5","ssdeep":"","tlshash":"b8700022000000208c80800eca0a032223a0000ac20a00088e800b2288a0b380282032","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-07T07:51:18.251001Z","times_seen":93313,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":15,"dns":8,"connect":1,"send":0,"wait":94,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"al-akshaintl.com/favicon.ico","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","date":"2026-06-03T10:06:23.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.al-akshaintl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 19:25:54 GMT","end":"Sat, 18 Jul 2026 19:25:53 GMT"},"fingerprint":{"sha1":"1B:C2:ED:C1:AA:0E:17:02:A7:D4:1F:63:62:76:13:A3:79:2E:0B:5C","sha256":"F9:36:50:6B:B7:27:19:EF:91:2A:68:83:B8:2C:28:1B:44:3A:BF:D5:8E:35:09:52:4D:74:EA:1D:FC:C2:F5:90"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: al-akshaintl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 796\r\ndate: Wed, 03 Jun 2026 10:06:23 GMT\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":796,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"265e51037981a14ed99a5fc8c5ec1b51","sha1":"d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a","sha256":"c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400","sha512":"b18aa610811c5f9bc1dd829ad90a95568e81a41e1fd1472983dc00147f65045fd91fbc498b5263ce4f4c88b041be21f186ed2ce357d3bcf86c0429ca18991151","ssdeep":"","tlshash":"1101f12ac182a80fe0231070fa91e37451594212629b4f647b9ff676f6ce1ab56b22cc","first_seen":"2024-02-05T05:35:22Z","last_seen":"2026-06-07T07:22:14.267481Z","times_seen":46569,"resource_available":true,"data":null}},"time_used":708,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":708,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"al-akshaintl.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DocuSign","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DocuSign phishing","tags":["docusign","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","fqdn":"al-akshaintl.com","domain":"al-akshaintl.com","tld":"com"},"ip":{"addr":"103.169.161.66","port":443,"asn":148993,"as":"Diana Host Ltd","country":"Bangladesh","country_code":"BD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T10:06:21.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.al-akshaintl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 19:25:54 GMT","end":"Sat, 18 Jul 2026 19:25:53 GMT"},"fingerprint":{"sha1":"1B:C2:ED:C1:AA:0E:17:02:A7:D4:1F:63:62:76:13:A3:79:2E:0B:5C","sha256":"F9:36:50:6B:B7:27:19:EF:91:2A:68:83:B8:2C:28:1B:44:3A:BF:D5:8E:35:09:52:4D:74:EA:1D:FC:C2:F5:90"}}},"request":{"raw":"GET /wp-includes/ydfsdj456/docusign.html HTTP/1.1\r\nHost: al-akshaintl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Mon, 01 Jun 2026 16:52:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6710\r\ndate: Wed, 03 Jun 2026 10:06:22 GMT\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]}],"data":{"size":25243,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14640), with CRLF line terminators","md5":"aebfbef76f566d489f9d8e7df86405a6","sha1":"c5ea2032054a34c7c383f608ec6d3d8cc50b0637","sha256":"96d49541856f8fbfa0fd357ba39d01c446945d45354ea794fc46dd424e87acce","sha512":"cff8c88718a89685075081d56e6bc789dcb0acc9255690e1740dc68a0ce96f376f0f5594bc81328e3a2fdd2b50cc4a57e774221ab4b8782064a950a28e4dc844","ssdeep":"768:n/9y/TAUrSVNaerkUeeKugF0k0P5Qh07Sw2:8/TAUrSVgeTeeS0k0P5Qh07Sw2","tlshash":"71b2e961a202253a5823c9da6562a30bf0b2f207dd53c735f9ba43288fd7dd77623749","first_seen":"2026-06-03T02:53:30.811551Z","last_seen":"2026-06-03T10:06:45.213302Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1163,"timings":{"blocked":374,"dns":0,"connect":181,"send":0,"wait":414,"receive":1,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"al-akshaintl.com/wp-includes/ydfsdj456/docusign.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"al-akshaintl.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DocuSign","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DocuSign phishing","tags":["docusign","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}}]}