Submitted URL: https://ergothioneine.xyz/bnj/confirm.php
Effective URL: https://account.docusign.com/
Submission: On January 11 via automatic, source openphish

Summary

This website contacted 1 IP in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 185.81.100.38, which is located in Germany and belongs to DOCUS-6-PROD, US. The main domain is account.docusign.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 9th 2020. Valid for: 2 years.
This is the only time account.docusign.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address  AS Autonomous System
1 1  181.174.164.125  52469 (Offshore ...)
11  185.81.100.38  62856 (DOCUS-6-PROD)
11 1

Apex Domain  Subdomains  Transfer
11  docusign.com  account.docusign.com  999 KB
1  ergothioneine.xyz  ergothioneine.xyz  250 B
11 2

Domain  Requested by
11  account.docusign.com  account.docusign.com
1  ergothioneine.xyz  1 redirects
11 2

This site contains links to these domains.

Domain
www.docusign.com

Subject  Issuer  Validity  Valid
account.docusign.com  DigiCert SHA2 Extended Validation Server CA  2020-01-09 - 2022-03-26  2 years

This page contains 1 frames:

Primary Page: https://account.docusign.com/
Frame ID: E69C3FFC1F396C8A561547BBF321841F
Requests: 11 HTTP requests in this frame

Page URL History

  1. https://ergothioneine.xyz/bnj/confirm.php HTTP 302
    https://account.docusign.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 999 kB
Size: 994 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ergothioneine.xyz/bnj/confirm.php HTTP 302
    https://account.docusign.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource Path  Size  x-fer  Type  MIME-Type

/ (Primary Request, Cookie set)
account.docusign.com/
Redirect Chain
  • https://ergothioneine.xyz/bnj/confirm.php
  • https://account.docusign.com/
62 KB
64 KB
Document
General
Full URL
https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
984ec001423c06592defb5e23266a626390d0d30aefd151b7d76b8ab917d77cc
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=/client-errors/xss

Request headers

Host
account.docusign.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
X-DocuSign-TraceToken
699d0c08-3b73-4d50-a413-b35b0cb43090
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/report
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/enforce
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-XSS-Protection
1; mode=block; report=/client-errors/xss
Set-Cookie
__RequestVerificationToken=ARAJi1bifNAQGk9W0ur4ukoB0; path=/; secure; HttpOnly
X-DocuSign-Node
FR2FE22
Date
Mon, 11 Jan 2021 13:18:17 GMT
Content-Length
63988

Redirect headers

Date
Mon, 11 Jan 2021 13:18:17 GMT
Server
Apache
Location
https://account.docusign.com/#/username
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

app
account.docusign.com/LoginAppNext/styles/olive/and/
236 KB
237 KB
Stylesheet
General
Full URL
https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
f39daa36e62d2902109b1971bcd36cee542b3c0a67d27fa7388ef7e12923594c

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
Last-Modified
Mon, 11 Jan 2021 13:18:18 GMT
X-DocuSign-Node
FR1FE21
Vary
User-Agent
Content-Type
text/css; charset=utf-8
Cache-Control
public
Content-Length
241976
Expires
Tue, 11 Jan 2022 13:18:18 GMT

core_via_npm
account.docusign.com/LoginAppNext/
367 KB
367 KB
Script
General
Full URL
https://account.docusign.com/LoginAppNext/core_via_npm?v=HmqVrseATw9A8eLx4-PxjAKYi3QSWgFzyC0R2L_sc9Q1
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
6be83f132e3b23c96ec90857636dabb56f323891c67bf16d70bd6919a894140f

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
Last-Modified
Mon, 11 Jan 2021 13:18:18 GMT
X-DocuSign-Node
FR1FE21
Vary
User-Agent
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
375684
Expires
Tue, 11 Jan 2022 13:18:18 GMT

templates
account.docusign.com/LoginAppNext/
102 KB
102 KB
Script
General
Full URL
https://account.docusign.com/LoginAppNext/templates?v=IVfFjLGjkTiii9cBKbhQ_LTkqNG3c5vrtOuidn34NuY1
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
37e74b92bd330137a56e9996c1f52f88af7ce747e2c58ceec1b7bef2cb24cd1c

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
Last-Modified
Mon, 11 Jan 2021 13:18:18 GMT
X-DocuSign-Node
FR2FE21
Vary
User-Agent
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
104059
Expires
Tue, 11 Jan 2022 13:18:18 GMT

app
account.docusign.com/Scripts/
125 KB
125 KB
Script
General
Full URL
https://account.docusign.com/Scripts/app?v=A8ZVrOIIGPmHS86BU_lGqZk2rnco2ta95dH5YbRaGco1
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
5f16783706334c3df183e9c1b7ddeb0a8c7a7fa66386201ded7354b82ce5fbd3

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
Last-Modified
Mon, 11 Jan 2021 13:18:18 GMT
X-DocuSign-Node
FR2FE22
Vary
User-Agent
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
127843
Expires
Tue, 11 Jan 2022 13:18:18 GMT

HelveticaNeueW01-55Roma.woff
account.docusign.com/LoginAppNext/styles/olive/fonts/
47 KB
47 KB
Font
General
Full URL
https://account.docusign.com/LoginAppNext/styles/olive/fonts/HelveticaNeueW01-55Roma.woff
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
dac5803d6cbe40244dfd39661406239f83e94e86c976e7229a4e35305a9b5efe

Request headers

Origin
https://account.docusign.com
Referer
https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
ETag
"3f6c962061ddd61:0"
Last-Modified
Mon, 28 Dec 2020 21:33:48 GMT
Accept-Ranges
bytes
X-DocuSign-Node
FR2FE22
Content-Length
47748
Content-Type
application/x-font-woff

docusign_logo_old_small.png
account.docusign.com/LoginAppNext/images/
5 KB
5 KB
Image
General
Full URL
https://account.docusign.com/LoginAppNext/images/docusign_logo_old_small.png
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
ee3cec3c33913424b8a94f2ba811277a4aaf0a8476d61653769c5d953ddeecbd

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:19 GMT
ETag
"306e872061ddd61:0"
Last-Modified
Mon, 28 Dec 2020 21:33:48 GMT
Accept-Ranges
bytes
X-DocuSign-Node
FR1FE21
Content-Length
5352
Content-Type
image/png

docusign_logo_small.png
account.docusign.com/LoginAppNext/images/
4 KB
4 KB
Image
General
Full URL
https://account.docusign.com/LoginAppNext/images/docusign_logo_small.png
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
e83f8d0b4a78d14185abfca96ee2fbaf18e396a047f725d944ff27a845787279

Request headers

Referer
https://account.docusign.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
ETag
"306e872061ddd61:0"
Last-Modified
Mon, 28 Dec 2020 21:33:48 GMT
Accept-Ranges
bytes
X-DocuSign-Node
FR2FE22
Content-Length
4064
Content-Type
image/png

maven_pro_bold.woff
account.docusign.com/LoginAppNext/styles/olive/fonts/
33 KB
33 KB
Font
General
Full URL
https://account.docusign.com/LoginAppNext/styles/olive/fonts/maven_pro_bold.woff
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
8f6a520a392ff62149e5fc5aa87bfab9b3816cd6010d4d4fca194e8683ca498b

Request headers

Origin
https://account.docusign.com
Referer
https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
ETag
"6026ab2061ddd61:0"
Last-Modified
Mon, 28 Dec 2020 21:33:48 GMT
Accept-Ranges
bytes
X-DocuSign-Node
FR1FE22
Content-Length
33752
Content-Type
application/x-font-woff

olive-icons.woff
account.docusign.com/LoginAppNext/styles/olive/fonts/
13 KB
13 KB
Font
General
Full URL
https://account.docusign.com/LoginAppNext/styles/olive/fonts/olive-icons.woff
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
e335d0fea78a01565a4dca5f26503d15170ef4b6c9a855f5f1d5cac3ee6e9e6d

Request headers

Origin
https://account.docusign.com
Referer
https://account.docusign.com/LoginAppNext/styles/olive/and/app?v=7_dKAUfFq_HQdBnGB4k7hYZKoOae-bgnT30ORlEXHEk1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 11 Jan 2021 13:18:18 GMT
ETag
"7594ab2061ddd61:0"
Last-Modified
Mon, 28 Dec 2020 21:33:48 GMT
Accept-Ranges
bytes
X-DocuSign-Node
FR2FE21
Content-Length
13472
Content-Type
application/x-font-woff

client-perf
account.docusign.com/
0
1 KB
XHR
General
Full URL
https://account.docusign.com/client-perf
Requested by
Host: account.docusign.com
URL: https://account.docusign.com/LoginAppNext/core_via_npm?v=HmqVrseATw9A8eLx4-PxjAKYi3QSWgFzyC0R2L_sc9Q1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.81.100.38 , Germany, ASN62856 (DOCUS-6-PROD, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=/client-errors/xss

Request headers

Accept
application/json, text/plain, */*
Referer
https://account.docusign.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/enforce
X-Content-Type-Options
nosniff
X-DocuSign-TraceToken
6e19e016-96b5-43a5-8750-6aae8c3416d7
X-DocuSign-Node
FR1FE21
X-Frame-Options
SAMEORIGIN
Cache-Control
no-cache, no-store, must-revalidate
Date
Mon, 11 Jan 2021 13:18:19 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only
script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/report
Content-Length
0
X-XSS-Protection
1; mode=block; report=/client-errors/xss
Expires
-1

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
function| htmlAttributeDecode
object| fixtureInput
object| fixture
object| xsrfInputs
object| xsrfFormTokenElement
object| angular
object| i18nlink
object| localePolicy
object| dsi18nlayer
function| GDPRUtils
object| LoginAppNext
number| ng339

1 Cookies

Domain/Path Name / Value
account.docusign.com/ Name: __RequestVerificationToken
Value: ARAJi1bifNAQGk9W0ur4ukoB0

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src data: https://docucdn-a.akamaihd.net 'self' https://*.docusign.com https://*.docusign.net https://www.docusign.com.au https://www.docusign.co.uk https://www.docusign.ca;font-src 'self' https://* data:;connect-src 'self' data:;object-src 'none';media-src 'none';frame-src https://docusign.sjv.io https://*.docusign.com; report-uri /client-errors/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=/client-errors/xss