| melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy |  172.67.144.117 | | 9.3 kB |
URL melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy IP172.67.144.117:0
File typeJavaScript source, ASCII text, with very long lines (1101) Hash77135d7407235aa1776cb653296ddcfa 1ff402d7e3a093d1f190e99a7521d6677cd5acc9 f270d692ccb9f559c4b9274872f231870d7b78738af3a185e3132248a4e1472f
GET /pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy HTTP/1.1
Host: melbournevetservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Tue, 07 May 2024 08:20:48 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sj32u%2FeHYo%2Bes8CALmOVzel2DMIpscI9SZLmBTDQ9qnecZt%2BkreVfC65skUHtownFZhwSO2jl0D8R4lxHoslMQCF6zbFaYsjQtZXLuZiqQsh%2Fas9TneJvzWLmblsP4zMoAYaTHchQ8q4m5s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ffcaf0ecd756cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js | 152.199.23.37 | | 26 kB |
URL aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js IP152.199.23.37:0
File typeJavaScript source, ASCII text, with very long lines (49529) Hashcfa8ba56849c0b404d176f121879730a 5b7876a7d7edcb703a0854f0011de1ee01183ec9 235b558b77ab36f63c1439a68ac2410aaf8f42f7b9c93c0bfdc9af662abab8b6
GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3711243
cache-control: public, max-age=31536000
content-md5: xAmVJ4UrtXATagLD0tDXoQ==
content-type: application/x-javascript
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D9942E72241B02
last-modified: Thu, 21 Oct 2021 01:02:25 GMT
server: ECAcc (ska/F6E6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1c2131fe-001e-0077-1496-7e7928000000
x-ms-version: 2009-09-19
content-length: 26117
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js | 152.199.23.37 | | 5.4 kB |
URL aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js IP152.199.23.37:0
File typeJavaScript source, ASCII text, with very long lines (14442) Hashef8b670e11ba41bca22629ae914377e0 ad19924e781747b81a8e3116b98c8b2fe2d9b83b 2b3df4d53882fba74216d365e7344c782145f2faf8e08a2d69c548f5fbc7fbf5
GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3711243
cache-control: public, max-age=31536000
content-md5: +lZRrDLGp8Gp/hURw2aXyQ==
content-type: application/x-javascript
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D99FD65BAB30A3
last-modified: Thu, 04 Nov 2021 21:02:05 GMT
server: ECAcc (ska/F7BE)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2c1341af-a01e-00bd-0696-7ef379000000
x-ms-version: 2009-09-19
content-length: 5386
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | 152.199.23.37 | | 20 kB |
URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css IP152.199.23.37:0
File typeASCII text, with very long lines (61177) Hash29f1d1172158f929b64cc926e4521c0b af19579c25ebbfd3bbc82a5ab77479647fe02ab8 8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://melbournevetservices.com
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3718406
cache-control: public, max-age=31536000
content-md5: 0O2H9juGYL0zkzcYWr0NIg==
content-type: text/css
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D982C8F03AF4D4
last-modified: Tue, 28 Sep 2021 21:42:58 GMT
server: ECAcc (ska/F769)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 795572af-c01e-00d3-2c85-7e1346000000
x-ms-version: 2009-09-19
content-length: 19877
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js | 152.199.23.37 | | 129 kB |
URL aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js IP152.199.23.37:0
File typeJavaScript source, ASCII text, with very long lines (64616) Size129 kB (128665 bytes) Hash6ba3de22069f4a77aea2ea31faa53938 05dea88e8d1f201378424db6f51ef190950eb522 ce768e83be373f5303ce3117cba6e60874a328c5fb740fb4dbc14989105e0a0d
GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://melbournevetservices.com
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3718406
cache-control: public, max-age=31536000
content-md5: e+GEpArZIh9idGnWSOj0zg==
content-type: application/x-javascript
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D99FD6608B3F3E
last-modified: Thu, 04 Nov 2021 21:02:14 GMT
server: ECAcc (ska/F7A6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d81ad06d-601e-00d9-5685-7e1d53000000
x-ms-version: 2009-09-19
content-length: 128665
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | 152.199.23.37 | | 13 kB |
URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js IP152.199.23.37:0
File typeUnicode text, UTF-8 text, with very long lines (32002) Hashfa18dc190c5f6455340b0cdb2da083a9 7ade83ba171abee5803d093cca708d45954eb4fa a423ac7e2310bc44a1defeb1f6df180cab8a59442e7f41d093f21649fcc86e69
GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://melbournevetservices.com
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3718406
cache-control: public, max-age=31536000
content-md5: GYbSFdLE8Xb9pCzSg7cJ6A==
content-type: application/x-javascript
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D992B5E417004E
last-modified: Tue, 19 Oct 2021 04:06:56 GMT
server: ECAcc (ska/F73C)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ad9d3dd4-901e-004a-2385-7e8722000000
x-ms-version: 2009-09-19
content-length: 12608
X-Firefox-Spdy: h2
|
|
| aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | 152.199.23.37 | | 673 B |
URL aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg IP152.199.23.37:0
File typeSVG Scalable Vector Graphics image Hashbc3d32a696895f78c19df6c717586a5d 9191cb156a30a3ed79c44c0a16c95159e8ff689d 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3736057
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Tue, 07 May 2024 08:20:48 GMT
etag: 0x8D7B007297AE131
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
server: ECAcc (ska/F732)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 52d23733-f01e-004c-3a5c-7e7d2e000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 13.107.246.53 | | 17 kB |
URL aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico IP13.107.246.53:0 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
File typeMS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors Hash12e3dac858061d088023b2bd48e2fa96 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:20:48 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=31536000
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
etag: 0x8D8731230C851A6
x-ms-request-id: 03b53544-801e-0052-580c-9fd0a9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240507T082048Z-er15bb998b7jkprxhhpw58pbtc000000026g000000005whm
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| login.live.com/Me.htm?v=3 |  20.190.177.83 | | 1.1 kB |
URL login.live.com/Me.htm?v=3 IP20.190.177.83:0 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
File typeHTML document, ASCII text, with very long lines (2345), with CRLF line terminators Hashe86ef8b6111e5fb1d1665bcdc90888c9 994bf7651cb967cd9053056af2d69acb74db7f29 3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 05 May 2034 08:20:48 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C547_BL2
x-ms-request-id: 48f0de5d-fe55-4724-b648-a5e996b33ae2
PPServer: PPV: 30 H: BL02EPF0001D985 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=cfb8b7f4c8cf41c2bf1d8454cec497da; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1715070048&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 07 May 2024 08:20:48 GMT
Content-Length: 1132
|
|
| www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e | 162.248.184.178 | | 199 B |
URL www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e IP162.248.184.178:0
File typeHTML document, ASCII text, with CRLF line terminators Hash95ae00e252fdf30c5904fb9cf15186f2 26489148ac43c958af88addac5d4da147e4fbcac 68eb562d8224495df33d36867e17e1ec10ebe5cc785fca0c84a1faac371f113c
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; path=/; secure; HttpOnly; SameSite=None
__AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; path=/; secure; HttpOnly; SameSite=None
DocuSignCookieCheck=1; expires=Fri, 01-Jan-2500 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!PhVjMVGFAoT5TVG7IZ73o+v3qY2ncprYVNMCCR8YmFpedOBMI+jgLeAA+J8vBnlytHatWrd5xyFwqg==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 199
|
|
| www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 | 162.248.184.178 | | 142 B |
URL www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 IP162.248.184.178:0
File typeHTML document, ASCII text, with CRLF line terminators Hash041791671d1da5fde0c815331682ccda 7ae1edfe932a17354478fbd0dc7ba75823b8134f 6d8d012d29684a8d52a7d39ed457d99b8d43930ed00fa6d571d2538de64d5a4f
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!PhVjMVGFAoT5TVG7IZ73o+v3qY2ncprYVNMCCR8YmFpedOBMI+jgLeAA+J8vBnlytHatWrd5xyFwqg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Member/IncorrectURL.aspx
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
MemberConsoleMobile=; path=/; secure; HttpOnly; SameSite=None
Branding=DistributorCode=DocuSign&ProductName=DocuSign; expires=Thu, 01-Jan-2026 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!9keraF+EHs8cdKm7IZ73o+v3qY2ncuKioR4ERUkDJDD3lgVVt9CRmY9riTv1zIgQ762JCvtJE/iO3g==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 142
|
|
| www.docusign.net/Member/IncorrectURL.aspx | 162.248.184.178 | | 62 kB |
URL www.docusign.net/Member/IncorrectURL.aspx IP162.248.184.178:0
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (14693), with CRLF line terminators Hashb9574c4ac5ed78241e00a6f6675c6ad1 1231ebe77093587015376d4f7b011d25e1031a5c facd6ab6d0b958f768e83b923fa901dbeaf99e1d0c669724b0064eb91552c14e
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/IncorrectURL.aspx HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!9keraF+EHs8cdKm7IZ73o+v3qY2ncuKioR4ERUkDJDD3lgVVt9CRmY9riTv1zIgQ762JCvtJE/iO3g==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
MemberConsoleMobile=; path=/; secure; HttpOnly; SameSite=None
Branding=DistributorCode=DocuSign&ProductName=DocuSign; expires=Thu, 01-Jan-2026 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 61528
|
|
| docucdn-a.akamaihd.net/signing/1.9.0/css/font-faces.css |  23.36.76.243 | 200 OK | 557 B |
URL GET HTTP/2docucdn-a.akamaihd.net/signing/1.9.0/css/font-faces.css IP23.36.76.243:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjecta248.e.akamai.net FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9 ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File typeASCII text, with very long lines (394) Hash6108bd319a568f571b8c44f75eeda9a1 db6a905e4ed7c8db27d91883367e15609139f828 129f4c25b5ec38ba815cbdf948a6f73c388b12774b32ed200eed51318dd06bde
GET /signing/1.9.0/css/font-faces.css HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
etag: "6108bd319a568f571b8c44f75eeda9a1:1413400521"
last-modified: Wed, 15 Oct 2014 19:14:55 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 557
cache-control: max-age=30494616
date: Tue, 07 May 2024 08:20:50 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.docusign.net/Member/Images/logo_docusign_new.png | 162.248.184.178 | 200 OK | 3.5 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/logo_docusign_new.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 231 x 76, 8-bit/color RGBA, non-interlaced Hash044b1bafe33f65ba9dd03d14b6cda242 ca6e879bb34c0a89343c1daabec2d9114e0637c9 d9836397cb6cd908ad639ae32fea57d7173b8bc3494be7b8c73b5cea7442e733
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/logo_docusign_new.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "c99e1b125e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 3537
Set-Cookie: BIGipDocuSign_NA1=!VD6PxKQG36+rH9m7IZ73o+v3qY2nco3lUiVP+pHHFQoS6WUpaKXcRtohD02AqlomSGj/MPGdDpU4bg==; path=/; Httponly; Secure
|
|
| www.docusign.net/Member/Images/backgrounds/body_background.png | 162.248.184.178 | 200 OK | 17 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/body_background.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 150 x 150, 8-bit/color RGB, non-interlaced Hash8cfd38bf6f923dec6e548a7bac738ecb d386c3c838466f13a7f2a6ab8c24902cdc2472ca 05d3d302721835f6a6729557f2c436c2cb58e0629219a1de437a6f0e802451e4
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/body_background.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "9138f5115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 17405
Set-Cookie: BIGipDocuSign_NA1=!7E2uVvMc4NFZyji7IZ73o+v3qY2nctpxmRYxjTW4cbbHzhMOy0nY39vq1PG1O2aDX4hPRAEicxz49g==; path=/; Httponly; Secure
|
|
| www.docusign.net/Member/Images/backgrounds/header_logo_gradient.png | 162.248.184.178 | 200 OK | 1.0 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/header_logo_gradient.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 1 x 47, 8-bit/color RGBA, non-interlaced Hashb5a26b5668e9f2cebf1f507c31e94250 8aa3b50e6695c4e3e027888551e7e06b9c245a12 3a462b49641bceee199faf313b60d6bb3a35fe5768161204266d4897b1272f4c
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/header_logo_gradient.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "ec26f8115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 1030
Set-Cookie: BIGipDocuSign_NA1=!H64j7q7OjO439W27IZ73o+v3qY2nchFwdZln2hjRprHKuXxiFRFqYCEdfP0cgICGeoU7D/KrpgYO3g==; path=/; Httponly; Secure
|
|
| www.docusign.net/Member/Images/backgrounds/header_logo_frame_left.png | 162.248.184.178 | 200 OK | 3.1 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/header_logo_frame_left.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 17 x 47, 8-bit/color RGBA, non-interlaced Hash691b9a93274440f31b500f561ab8ce45 242f7ddb2d53395cc263a498bda09d897e8b9928 819ab23053986121d868a42950e5ee915daf2848dc8273bf5f513a061e735050
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/header_logo_frame_left.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "ebfff7115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 3141
|
|
| www.docusign.net/Signing/Images/logo_docusign_new_white.png | 162.248.184.178 | 200 OK | 4.0 kB |
URL GET HTTP/1.1www.docusign.net/Signing/Images/logo_docusign_new_white.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 231 x 76, 8-bit/color RGBA, non-interlaced Hash2b83c7b55dd89651ccbf62a5153d1984 e6664bc6d6ac06aac70abbe21cbd83adb776441a edd5eb91a05ef65653a6e9c4ddb60482ee93ad2994c1925cd2b7a310e7bdcc73
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Signing/Images/logo_docusign_new_white.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: image/png
ETag: "ce7649135e85da1:0"
X-DocuSign-Node: SE102FE38
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 4010
Set-Cookie: BIGipDocuSign_NA1=!YuNYZtmxuVl8ui67IZ73o+v3qY2ncvuee+nPntfGaw9QCs/l5p3TGOoKyZ/yH3iOKjIW6S6W4rWoxg==; path=/; Httponly; Secure
|
|
| www.docusign.net/Member/Images/backgrounds/header_logo_frame_right.png | 162.248.184.178 | 200 OK | 3.2 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/header_logo_frame_right.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 17 x 47, 8-bit/color RGBA, non-interlaced Hash5e2cde864488067520728e97ef8d1b90 3bd237d6df1ae573b31dc6c1f6e2e3e4ef805066 468b316935b741660ae9aea876ee588030a34635062fd2cd929e93b6c364e2e9
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/header_logo_frame_right.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "ebfff7115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 3152
|
|
| www.docusign.net/Member/Images/controls/btn_arrow_u.png | 162.248.184.178 | 200 OK | 3.0 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/controls/btn_arrow_u.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced Hashc863db426897325cb4805b2c20f51f30 a426fe43f0ce1a489ce091cc27768cdcc2991210 2a5179b8851c8e3dfc77d7dcb33b3963afa037608336d6ae412acaa38ad59d22
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/controls/btn_arrow_u.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "2f16fe115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 2961
|
|
| www.docusign.net/Member/Images/backgrounds/header_noisegradient.png | 162.248.184.178 | 200 OK | 9.2 kB |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/header_noisegradient.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 150 x 51, 8-bit/color RGBA, non-interlaced Hash8dec213a403485d39b769e3599e999b2 d1586c900e9708a9ce28aaaf87965a50fe1e7d20 5fe95ce6a89cbdcedfa166171ff4ce3ea0a91c36aeb4e19be0046d2fb7026efa
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/header_noisegradient.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "b4ef8115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 9217
|
|
| www.docusign.net/Member/Images/backgrounds/subheader_background.png | 162.248.184.178 | 200 OK | 297 B |
URL GET HTTP/1.1www.docusign.net/Member/Images/backgrounds/subheader_background.png IP162.248.184.178:443
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
File typePNG image data, 1 x 120, 8-bit/color RGBA, non-interlaced Hash806bc0ed808f3603fd1b9e68229dc3c4 038e1f93a8594a83f55c3fa06a390c46c791951f d35fa9f29b205d4af614b86ad32649b244e95728e1d3dc0254e1390a10ce56ec
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/Images/backgrounds/subheader_background.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/Member/IncorrectURL.aspx
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
ETag: "acd6f9115e85da1:0"
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:50 GMT
Content-Length: 297
Set-Cookie: BIGipDocuSign_NA1=!THsESwccyFBlMym7IZ73o+v3qY2ncu7SxTevbBcDe9nDp9Z8/2Vms9FK91tiYzzKPluPFX8qPGQTdA==; path=/; Httponly; Secure
|
|
| docucdn-a.akamaihd.net/olive/latest/img/new_favicon.png | 23.36.76.243 | | 1.8 kB |
URL GET docucdn-a.akamaihd.net/olive/latest/img/new_favicon.png IP23.36.76.243:0 ASN#20940 Akamai International B.V.
Requested byhttps://www.docusign.net/Member/IncorrectURL.aspx#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014 CertificateIssuerDigiCert Inc Subjecta248.e.akamai.net FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9 ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Hashcfea5fe04e58b83aebd4df3ebb3c4b2e 3359610772742850775a5fe444566b6ea9e9d1c1 890025e99a02f1de41d921f4b717e91325d8617d222e3435315c202d99ae74cb
GET /olive/latest/img/new_favicon.png HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.docusign.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: AkamaiGHost
mime-version: 1.0
accept-ranges: bytes
content-type: image/png
etag: "cfea5fe04e58b83aebd4df3ebb3c4b2e:1563296858"
last-modified: Tue, 16 Jul 2019 00:59:41 GMT
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 07 May 2024 08:20:51 GMT
cache-control: max-age=0, no-cache
pragma: no-cache
date: Tue, 07 May 2024 08:20:51 GMT
content-length: 1751
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| accounts.appsign.info/?username=ppreikschat@aitworldwide.com |  31.172.87.154 | | 5.2 kB |
URL accounts.appsign.info/?username=ppreikschat@aitworldwide.com IP31.172.87.154:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 Hash40b095d890e281ae98d3ba61d4977023 e7738a4bc0af6bad94faffd2004c276451b96c1a 4b88f17096f8c7518b326a38a56bd6955a5f272f00081b7c60d44e2b4cdb88df
GET /?username=ppreikschat@aitworldwide.com HTTP/1.1
Host: accounts.appsign.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://melbournevetservices.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Tue, 07 May 2024 08:20:49 GMT
content-type: text/html; charset=utf-8
location: https://www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e
referrer-policy: no-referrer
X-Firefox-Spdy: h2
|
|
| www.docusign.net/Member/IncorrectURL.aspx | 162.248.184.178 | 200 OK | 62 kB |
URL User Request GET HTTP/1.1www.docusign.net/Member/IncorrectURL.aspx IP162.248.184.178:443
CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/IncorrectURL.aspx HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!9keraF+EHs8cdKm7IZ73o+v3qY2ncuKioR4ERUkDJDD3lgVVt9CRmY9riTv1zIgQ762JCvtJE/iO3g==; MemberConsoleMobile=; Branding=DistributorCode=DocuSign&ProductName=DocuSign
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
MemberConsoleMobile=; path=/; secure; HttpOnly; SameSite=None
Branding=DistributorCode=DocuSign&ProductName=DocuSign; expires=Thu, 01-Jan-2026 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!VsfMoy5PXayF+Aa7IZ73o+v3qY2ncsQXI6LUI+D1IESaCy3KRofSJ6i2eiw5bOHXr5QfGZgru/Cs+A==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 61528
|
|
| accounts.appsign.info/?username=ppreikschat@aitworldwide.com | 31.172.87.154 | 302 Found | 62 kB |
URL User Request GET HTTP/2accounts.appsign.info/?username=ppreikschat@aitworldwide.com IP31.172.87.154:443
CertificateIssuerLet's Encrypt Subjectappsign.info FingerprintC2:FD:BB:0A:78:85:6B:75:E8:5E:0C:B4:47:14:20:20:54:AF:AD:30 ValidityMon, 06 May 2024 09:42:38 GMT - Sun, 04 Aug 2024 09:42:37 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?username=ppreikschat@aitworldwide.com HTTP/1.1
Host: accounts.appsign.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://melbournevetservices.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Tue, 07 May 2024 08:20:49 GMT
content-type: text/html; charset=utf-8
location: https://www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e
referrer-policy: no-referrer
X-Firefox-Spdy: h2
|
|
| melbournevetservices.com/ref.php?url=https://melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy | 172.67.144.117 | 302 Found | 62 kB |
URL User Request GET HTTP/3melbournevetservices.com/ref.php?url=https://melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy IP172.67.144.117:443
CertificateIssuerGoogle Trust Services LLC Subjectmelbournevetservices.com Fingerprint8C:E9:25:6B:AB:FE:B5:6C:53:4E:EA:BD:62:B7:45:D0:96:C3:E4:1F ValidityFri, 29 Mar 2024 05:44:10 GMT - Thu, 27 Jun 2024 05:44:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ref.php?url=https://melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy HTTP/1.1
Host: melbournevetservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://melbournevetservices.com/pprLh6g4Pksz9Bhavk8q07ag4Pvk8wR15rldwg4PdLh6jx3z9BR15WPy
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Tue, 07 May 2024 08:20:49 GMT
content-type: text/html; charset=UTF-8
location: https://accounts.appsign.info/?username=ppreikschat@aitworldwide.com#/0.16938969361102/authorize?client_id=0.16938969361102-0ff1-0.13520826638453&auth=10.64423448808688-0.060982154245014
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FjfML4dIUtHoJ8m9t6hf2nRGRePmo292jh%2F2lhZek1riPKR3HHNWWEJS2%2BsH7s3iEtsTp8gP2Du2IItrglMkaHwLDBhmDK0WI44Qt704WdK%2FBDXL8rR4YWmiiHp9QbqTG3V2aFTJcY220P0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ffcaffb9b356af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e | 162.248.184.178 | 302 Found | 62 kB |
URL User Request GET HTTP/1.1www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e IP162.248.184.178:443
CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; path=/; secure; HttpOnly; SameSite=None
__AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; path=/; secure; HttpOnly; SameSite=None
DocuSignCookieCheck=1; expires=Fri, 01-Jan-2500 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!PhVjMVGFAoT5TVG7IZ73o+v3qY2ncprYVNMCCR8YmFpedOBMI+jgLeAA+J8vBnlytHatWrd5xyFwqg==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 199
|
|
| www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 | 162.248.184.178 | 302 Found | 62 kB |
URL User Request GET HTTP/1.1www.docusign.net/Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 IP162.248.184.178:443
CertificateIssuerDigiCert Inc Subjectwww.docusign.net Fingerprint3F:15:A9:0C:37:06:03:9C:54:55:8C:C2:FF:DB:BC:94:FF:1A:D5:09 ValidityMon, 22 May 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Docusign |
GET /Member/EmailStart.aspx?r=c1ay266fd-5962-4e8c-8d7e-k97828cf6565e&cookiecheck=1 HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: pvm=SE102FE38_8812; ASP.NET_SessionId=44dwdlcjsr2ddsfr0srxapmi; __AntiXsrfMemberToken=2f755cb708eb4be2a4f9c2c92f76db9d; DocuSignCookieCheck=1; BIGipDocuSign_NA1=!PhVjMVGFAoT5TVG7IZ73o+v3qY2ncprYVNMCCR8YmFpedOBMI+jgLeAA+J8vBnlytHatWrd5xyFwqg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Member/IncorrectURL.aspx
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: pvm=SE102FE38_8812; path=/; secure; HttpOnly; SameSite=None
MemberConsoleMobile=; path=/; secure; HttpOnly; SameSite=None
Branding=DistributorCode=DocuSign&ProductName=DocuSign; expires=Thu, 01-Jan-2026 08:00:00 GMT; path=/; secure; HttpOnly; SameSite=None
BIGipDocuSign_NA1=!9keraF+EHs8cdKm7IZ73o+v3qY2ncuKioR4ERUkDJDD3lgVVt9CRmY9riTv1zIgQ762JCvtJE/iO3g==; path=/; Httponly; Secure
X-DocuSign-Node: SE102FE38
Date: Tue, 07 May 2024 08:20:49 GMT
Content-Length: 142
|
|
0.0.0.0