exfrrjqpif-988094.docusignininauthshare.workers.dev Open in urlscan Pro
2606:4700:3036::6815:20e5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Submission: On July 04 via automatic, source phishtank (July 4th 2024, 6:48:28 am UTC) — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 6 countries across 12 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3036::6815:20e5, located in United States and belongs to CLOUDFLARENET, US. The main domain is exfrrjqpif-988094.docusignininauthshare.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on May 14th 2024. Valid for: 3 months.

This is the only time exfrrjqpif-988094.docusignininauthshare.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:303... 2606:4700:3036::6815:20e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	40.114.178.124 40.114.178.124	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.21.233.157 104.21.233.157	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.190.76 172.67.190.76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	66.29.143.149 66.29.143.149	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	162.244.197.249 162.244.197.249	19780 (AS-INTERM...) (AS-INTERMEDIA2)
1	103.146.112.110 103.146.112.110	136557 (HOST-AS-A...) (HOST-AS-AP Host Universal Pty Ltd)
1	2600:9000:267... 2600:9000:2670:e00:e:7f4a:8900:93a1	16509 (AMAZON-02) (AMAZON-02)
1	144.76.109.178 144.76.109.178	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:ec80:300... 2a02:ec80:300:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	162.19.58.158 162.19.58.158	16276 (OVH) (OVH)
1	172.67.156.83 172.67.156.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	13

6 2606:4700:3036::6815:20e5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

exfrrjqpif-988094.docusignininauthshare.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.114.178.124 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

external-content.duckduckgo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.233.157 (None, )

ASN13335 (CLOUDFLARENET, US)

toppng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.190.76 (United States)

ASN13335 (CLOUDFLARENET, US)

seeklogo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.29.143.149 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: mail.kindpng.com

www.kindpng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.244.197.249 (United States)

ASN19780 (AS-INTERMEDIA2, US)

controlpanel.serverdata.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.146.112.110 (Australia)

ASN136557 (HOST-AS-AP Host Universal Pty Ltd, AU)
PTR: cp52.hosting-cloud.net

www.in2tech.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:e00:e:7f4a:8900:93a1 (United States)

ASN16509 (AMAZON-02, US)

asset.brandfetch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.109.178 (Hamm, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.109.76.144.clients.your-server.de

www.freeiconspng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:ec80:300:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.58.158 (France)

ASN16276 (OVH, FR)
PTR: ns3096590.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.156.83 (United States)

ASN13335 (CLOUDFLARENET, US)

exfrrjqpif-988094.docusignininauthshare.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	workers.dev 1 redirects exfrrjqpif-988094.docusignininauthshare.workers.dev	25 KB
2	toppng.com toppng.com — Cisco Umbrella Rank: 298114	28 KB
2	duckduckgo.com external-content.duckduckgo.com — Cisco Umbrella Rank: 5934	87 KB
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 10821	187 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3915	2 KB
1	freeiconspng.com www.freeiconspng.com — Cisco Umbrella Rank: 168484	45 KB
1	brandfetch.io asset.brandfetch.io — Cisco Umbrella Rank: 142011	18 KB
1	in2tech.com.au www.in2tech.com.au	41 KB
1	serverdata.net controlpanel.serverdata.net	2 KB
1	kindpng.com www.kindpng.com — Cisco Umbrella Rank: 196641	28 KB
1	seeklogo.com seeklogo.com — Cisco Umbrella Rank: 111930	8 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 469	31 KB
19	12

	Domain	Requested by
7	exfrrjqpif-988094.docusignininauthshare.workers.dev	1 redirects exfrrjqpif-988094.docusignininauthshare.workers.dev
2	toppng.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
2	external-content.duckduckgo.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	i.ibb.co	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	upload.wikimedia.org	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	www.freeiconspng.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	asset.brandfetch.io	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	www.in2tech.com.au	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	controlpanel.serverdata.net	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	www.kindpng.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	seeklogo.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
1	ajax.googleapis.com	exfrrjqpif-988094.docusignininauthshare.workers.dev
19	12

This site contains no links.

Subject Issuer	Validity	Valid
docusignininauthshare.workers.dev GTS CA 1P5	`2024-05-14` - `2024-08-12`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.duckduckgo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-02` - `2024-11-25`	7 months	crt.sh
toppng.com GTS CA 1P5	`2024-05-29` - `2024-08-27`	3 months	crt.sh
seeklogo.com E1	`2024-05-29` - `2024-08-27`	3 months	crt.sh
kindpng.com R3	`2024-05-16` - `2024-08-14`	3 months	crt.sh
*.serverdata.net GeoTrust TLS RSA CA G1	`2023-08-01` - `2024-08-31`	a year	crt.sh
in2tech.com.au E6	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.brandfetch.io Amazon RSA 2048 M02	`2024-06-22` - `2025-07-21`	a year	crt.sh
freeiconspng.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-12` - `2025-03-13`	a year	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-10-18` - `2024-10-16`	a year	crt.sh
ibb.co R10	`2024-06-21` - `2024-09-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Frame ID: 273EE6653CD68652EA42922D140FAFCB
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DocuSlgn | #1 in Electronic Signature

Page URL History Show full URLs

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Page URL
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/phish-bypass?atok=2OfOveOx80vze7XCjJbTmxpfDPYqUzXO.wpwGNDxNOA-172007... HTTP 301
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

31 %
IPv6

12
Domains

12
Subdomains

13
IPs

6
Countries

502 kB
Transfer

694 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Page URL
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/phish-bypass?atok=2OfOveOx80vze7XCjJbTmxpfDPYqUzXO.wpwGNDxNOA-1720075691-0.0.1.1-%2F HTTP 301
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
exfrrjqpif-988094.docusignininauthshare.workers.dev/ 4 KB
2 KB 149ms
44ms Document
text/html 2606:4700:3036::6815:20e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:20e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c15ff1e843d27f33fbdeca30f5e514a776314ef79b3d402290cb4bf894da0e1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cf-ray: 89dd2b0ed837195c-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 04 Jul 2024 06:48:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sxggy3LlIsZ%2F5qhM7zWDpWIn02928fGyTw%2BVwf5rLz4Dhggf5sADaKgxG%2FNGTmGxuCFHrxvZE2sb8RU85wHBI7L9dhrIcMbrF7FMDIMzw5gUGkKnT2iEnStC18Eu%2BV8eC46Zp2HhStTMALIY3H5Z3mtFDFgHXKUIoPg7VXv8GV7lVIAjgaH4bUlRSeH11EwAhbM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/styles/ 23 KB
5 KB 43ms
43ms Stylesheet
text/css 2606:4700:3036::6815:20e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:20e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 11:25:31 GMT
server: cloudflare
etag: W/"667e9dab-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 89dd2b0f18a7195c-FRA
expires: Thu, 04 Jul 2024 08:48:11 GMT

GET
H2 200 icon-exclamation.png
exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/images/ 452 B
540 B 41ms
41ms Image
image/png 2606:4700:3036::6815:20e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:20e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 11:25:31 GMT
server: cloudflare
etag: "667e9dab-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 89dd2b0f68f8195c-FRA
content-length: 452
expires: Thu, 04 Jul 2024 08:48:11 GMT

GET
H2 200 favicon.ico
exfrrjqpif-988094.docusignininauthshare.workers.dev/ 45 KB
6 KB 62ms
62ms Other
text/html 2606:4700:3036::6815:20e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:20e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2948737224c8c0ac458590d4187f8678fa1a744c6cd8ba690164a7afc603dfa5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:11 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pW%2FNyDVus0gcXzDJVQBO%2BJ9Gjud2%2F3E4q6Ps31M4UJV3gLJb0rL%2BfLIk4Yn2ekRIApyV0qXSMrWYAymmOReDtJPewobsbdyac4fDDtuBZcxIgFBHAtygUtGFRMyE4O%2FN9tp%2BnylR2jvdRRDKCrUFbe72T1og8TnpT7TbdVsC1Sx6c4N1CzKKW7sqfVAeyGT8t5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89dd2b0fa955195c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request / Show response
exfrrjqpif-988094.docusignininauthshare.workers.dev/
Redirect Chain

https://exfrrjqpif-988094.docusignininauthshare.workers.dev/cdn-cgi/phish-bypass?atok=2OfOveOx80vze7XCjJbTmxpfDPYqUzXO.wpwGNDxNOA-1720075691-0.0.1.1-%2F
https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

45 KB
6 KB

49ms
49ms

Document
text/html

2606:4700:3036::6815:20e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:20e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2948737224c8c0ac458590d4187f8678fa1a744c6cd8ba690164a7afc603dfa5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 89dd2b25ec85195c-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Thu, 04 Jul 2024 06:48:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTkrHi1ctoftBGDmCtMWhBvQJ0eQA72n%2FQG8L7iLFw0aFPHjAKSCfUw0%2BIe%2BJby5t6zBnT%2FJzT7nUqklunX%2BiMP9HtHqa%2Bgfr3GOUjVXrJRhtNB4kB5MUH3P9DfBXGBJJ686X21WONwhm3vNGBHal%2BJpmMdTbV3eZ%2FZ9nceqjdrcSpLib7L35f4MbRJupO5qTN8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 89dd2b259c23195c-FRA
content-length: 167
content-type: text/html
date: Thu, 04 Jul 2024 06:48:14 GMT
location: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 126ms
39ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2077
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 06:13:38 GMT

GET
H2 200 /
external-content.duckduckgo.com/iu/ 13 KB
14 KB 942ms
846ms Image
image/png 40.114.178.124
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fflexcutech.com%2Fwp-content%2Fuploads%2F2016%2F07%2Fdocusign-lgo.png&f=1&nofb=1

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

40.114.178.124 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

6ddced98e9c93e43ab0b48ce5688b14d1ff3c544fd2a7a7b37e04a28e95ae08e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-duckduckgo-locale: de_DE
date: Thu, 04 Jul 2024 06:48:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: origin
server: nginx
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
content-disposition: inline; filename="docusign-lgo-1492457432.png"; filename*=UTF-8''docusign-lgo-1492457432.png
x-xss-protection: 1;mode=block
expires: Fri, 04 Jul 2025 06:48:15 GMT

GET
H2 200 /
external-content.duckduckgo.com/iu/ 73 KB
74 KB 683ms
683ms Image
image/png 40.114.178.124
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fclipartcraft.com%2Fimages%2Foutlook-logo.png&f=1&nofb=1

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

40.114.178.124 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

101102cc61b170453acabffa9fdc776be2a367ab2d05fd4d97300b1750d1e79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-duckduckgo-locale: de_DE
date: Thu, 04 Jul 2024 06:48:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: origin
server: nginx
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
content-disposition: inline; filename="outlook-logo-1339797958.png"; filename*=UTF-8''outlook-logo-1339797958.png
x-xss-protection: 1;mode=block
expires: Fri, 04 Jul 2025 06:48:15 GMT

GET
H3 200 office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png
toppng.com/public/uploads/thumbnail/ 17 KB
17 KB 128ms
74ms Image
image/png 104.21.233.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toppng.com/public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.233.157 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 17132
last-modified: Wed, 17 Jul 2019 23:10:13 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJ%2Bel7T9FBq7Tg2Hv5qGO2FWJ896zn2LN3mrd1PqvUU2gXBQhivXVjzV%2B%2BondVW0zGWUrudgtfYN0XRTkBMMZv3d9tLF97SjJIM9g9oZwLNny1Fq6wBVsRH53xvu"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=9984600
accept-ranges: bytes
cf-ray: 89dd2b27da3790ec-FRA
expires: Fri, 04 Jul 2025 06:48:15 GMT

GET
H3 200 rackspace-logo-0D6979FEF6-seeklogo.com.png
seeklogo.com/images/R/ 7 KB
8 KB 114ms
61ms Image
image/png 172.67.190.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seeklogo.com/images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.190.76 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6659cedf0baa76ed974eb4cf410285964e8491e5db8b6621be5308033ad12515

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:15 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
x-permitted-cross-domain-policies: none
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7485
x-xss-protection: 1; mode=block
last-modified: Sat, 26 Nov 2022 17:24:36 GMT
server: cloudflare
etag: "1d901bbf4b2bf3d"
x-download-options: noopen
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVAcLO59lF9VSBfRXZ%2BQBHPvWFk5MbBj%2FWU1HmNHeWWbxAdAG1emcSBT8pIB5IWjHyZ2qTyFivM70Ox1y1Fw1%2FAyKmLa2%2F0QD5fer25HcaXFRUMCGihdxTIk1umMrjw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
cf-ray: 89dd2b27cded2ba3-FRA

GET
H/1.1 200
OK 716-7162953_aol-logo-png.png
www.kindpng.com/picc/b/ 29 KB
28 KB 1011ms
612ms Image
image/png 66.29.143.149
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kindpng.com/picc/b/716-7162953_aol-logo-png.png
Requested by: Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.29.143.149 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.kindpng.com
Software: nginx/1.14.0 /
Resource Hash: 3626bc98f1df5f582c8c378e5e159ee21f2512ce2cb5cae4b2ac9f27ba85f547

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 06:48:15 GMT
Content-Encoding: gzip
Last-Modified: Sat, 10 Dec 2022 12:35:05 GMT
Server: nginx/1.14.0
ETag: W/"63947cf9-7217"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive

GET
H3 200 yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png
toppng.com/public/uploads/thumbnail/ 10 KB
10 KB 111ms
57ms Image
image/png 104.21.233.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toppng.com/public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.233.157 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10118
last-modified: Mon, 18 Nov 2019 23:05:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jJP5opaKCyycGKYwAiXjMmAN%2FthmkJftNZJzGu6Jq9xrjQR8CkI4qkwFAlyQa0dVSa4YtEeS7NlKULXfssC5%2B3VpvySQCnUhIww8JHKUBid4Dg3g9rCmMX41yiJW"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=9984600
accept-ranges: bytes
cf-ray: 89dd2b27da3390ec-FRA
expires: Fri, 04 Jul 2025 06:48:15 GMT

GET
H2 200 aduser.svg
controlpanel.serverdata.net/content/images/icons/custom/ 1 KB
2 KB 1066ms
170ms Image
image/svg+xml 162.244.197.249
AS-INTERMEDIA2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://controlpanel.serverdata.net/content/images/icons/custom/aduser.svg

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.244.197.249 , United States, ASN19780 (AS-INTERMEDIA2, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET, ARR/3.0

Resource Hash

36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jul 2024 06:48:15 GMT
last-modified: Tue, 18 Jun 2024 20:41:46 GMT
server: Microsoft-IIS/10.0
etag: "0e162efbfc1da1:0"
x-powered-by: ASP.NET, ARR/3.0
x-frame-options: SAMEORIGIN
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-type: image/svg+xml
cache-control: max-age=172800
accept-ranges: bytes
content-length: 1256

GET
H2 200 owa.png
www.in2tech.com.au/wp-content/uploads/2019/01/ 41 KB
41 KB 1912ms
300ms Image
image/png 103.146.112.110
HOST-AS-AP Host U...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.in2tech.com.au/wp-content/uploads/2019/01/owa.png
Requested by: Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.146.112.110 , Australia, ASN136557 (HOST-AS-AP Host Universal Pty Ltd, AU),
Reverse DNS: cp52.hosting-cloud.net
Software: nginx /
Resource Hash: 74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:17 GMT
last-modified: Mon, 11 Feb 2019 00:27:10 GMT
server: nginx
etag: "a26e-5c60c15e-bfd3c44315819b92;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 41582
expires: Thu, 11 Jul 2024 06:48:17 GMT

GET
H2 200 idDUrfzUIn.png
asset.brandfetch.io/idu0JRNI4Q/ 18 KB
18 KB 166ms
45ms Image
image/png 2600:9000:2670:e00:e:7f4a:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asset.brandfetch.io/idu0JRNI4Q/idDUrfzUIn.png

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:e00:e:7f4a:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

263b489226d5de00389be959a3d5fe4ddbd6c4e21b39fd01d218252f406dc91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:37 GMT
via: 1.1 b6a955345e4fcc7881bd0a9815e8286e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P9
age: 16359
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 17931
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 19 Jun 2023 08:19:03 GMT
server: AmazonS3
etag: "5c81f81264f99d63f5621123da7eba4f"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: RaX13SIsGmhXC8ipcVyhJmED_IyrLhDUoHGYeProepLRtfM2Z9dhWQ==

GET
H2 200 webmail-icon-15.png
www.freeiconspng.com/uploads/ 45 KB
45 KB 154ms
45ms Image
image/png 144.76.109.178
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freeiconspng.com/uploads/webmail-icon-15.png
Requested by: Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.109.178 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.178.109.76.144.clients.your-server.de
Software: nginx /
Resource Hash: f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:15 GMT
last-modified: Tue, 14 Mar 2017 23:16:09 GMT
server: nginx
etag: "b392-54ab903572040"
content-type: image/png
cache-control: max-age=3600, no-cache, must-revalidate
accept-ranges: bytes
content-length: 45970
expires: Thu, 04 Jul 2024 07:48:15 GMT

GET
H2 200 GoDaddy_Logo_-_The_GO.svg
upload.wikimedia.org/wikipedia/commons/d/da/ 3 KB
2 KB 204ms
48ms Image
image/svg+xml 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg

Requested by

Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

envoy /

Resource Hash

0fb9ee73f361cabd6f4fb132f2d5eb5e8eeb74474fcbd975f8c8208530be9e39

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 19:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41227
x-cache-status: hit-front
x-cache: cp3074 hit, cp3074 hit/5
server-timing: cache;desc="hit-front", host;desc="cp3074"
content-length: 1388
x-client-ip: 2a01:4a0:1338:93::6
x-object-meta-sha1base36: jawgt7shpgxoh9c5t0arap5zb58g6y5
last-modified: Sun, 21 Aug 2022 12:55:31 GMT
server: envoy
etag: W/a3419a7babc6604800eb39cbf7dbe79a
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 blurred-bg.jpg
i.ibb.co/cg5XSyS/ 186 KB
187 KB 159ms
52ms Image
image/jpeg 162.19.58.158
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/cg5XSyS/blurred-bg.jpg
Requested by: Host: exfrrjqpif-988094.docusignininauthshare.workers.dev
URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.158 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096590.ip-162-19-58.eu
Software: nginx /
Resource Hash: ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:15 GMT
last-modified: Wed, 13 Jul 2022 02:13:33 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 190875
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 favicon.ico
exfrrjqpif-988094.docusignininauthshare.workers.dev/ 45 KB
6 KB 62ms
62ms Other
text/html 172.67.156.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.156.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2948737224c8c0ac458590d4187f8678fa1a744c6cd8ba690164a7afc603dfa5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 06:48:17 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2BQvWg4rw6%2BJHbjMhxmgjaxk3xDMr1ezBBAhEWUTrUDmwl4hxibLBYLuxX0wsvpRzpEDuHfBksxBJtuGbBypeenFGVxCPUoQms%2BRK6uHgdp%2FbPvipleVNycCpHxSNuBNdTzdGDaj1wVfOFr8JMicJXVuMNESlzXqYmlX0e4JYVFfk1jeyJ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89dd2b37286819b1-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.exfrrjqpif-988094.docusignininauthshare.workers.dev/	1970-01-20 21:49:22	Name: __cf_mw_byp Value: 2OfOveOx80vze7XCjJbTmxpfDPYqUzXO.wpwGNDxNOA-1720075691-0.0.1.1-/

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	verbose	URL: https://exfrrjqpif-988094.docusignininauthshare.workers.dev/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
asset.brandfetch.io
controlpanel.serverdata.net
exfrrjqpif-988094.docusignininauthshare.workers.dev
external-content.duckduckgo.com
i.ibb.co
seeklogo.com
toppng.com
upload.wikimedia.org
www.freeiconspng.com
www.in2tech.com.au
www.kindpng.com
103.146.112.110
104.21.233.157
144.76.109.178
162.19.58.158
162.244.197.249
172.67.156.83
172.67.190.76
2600:9000:2670:e00:e:7f4a:8900:93a1
2606:4700:3036::6815:20e5
2a00:1450:4001:811::200a
2a02:ec80:300:ed1a::2:b
40.114.178.124
66.29.143.149
0fb9ee73f361cabd6f4fb132f2d5eb5e8eeb74474fcbd975f8c8208530be9e39
101102cc61b170453acabffa9fdc776be2a367ab2d05fd4d97300b1750d1e79c
1c15ff1e843d27f33fbdeca30f5e514a776314ef79b3d402290cb4bf894da0e1
25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56
263b489226d5de00389be959a3d5fe4ddbd6c4e21b39fd01d218252f406dc91b
2948737224c8c0ac458590d4187f8678fa1a744c6cd8ba690164a7afc603dfa5
3626bc98f1df5f582c8c378e5e159ee21f2512ce2cb5cae4b2ac9f27ba85f547
36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e
6659cedf0baa76ed974eb4cf410285964e8491e5db8b6621be5308033ad12515
6ddced98e9c93e43ab0b48ce5688b14d1ff3c544fd2a7a7b37e04a28e95ae08e
74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32
f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

exfrrjqpif-988094.docusignininauthshare.workers.dev Open in urlscan Pro 2606:4700:3036::6815:20e5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

31 %IPv6

12 Domains

12 Subdomains

13 IPs

6 Countries

502 kBTransfer

694 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

3 Console Messages

Security Headers

Indicators

exfrrjqpif-988094.docusignininauthshare.workers.dev Open in urlscan Pro
2606:4700:3036::6815:20e5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

31 %
IPv6

12
Domains

12
Subdomains

13
IPs

6
Countries

502 kB
Transfer

694 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!