input.ninja Open in urlscan Pro
72.52.217.213 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c
Submission: On February 10 via api (February 10th 2022, 4:23:48 pm UTC) from US — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 22 HTTP transactions. The main IP is 72.52.217.213, located in United States and belongs to LIQUIDWEB, US. The main domain is input.ninja.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 1st 2022. Valid for: 3 months.

This is the only time input.ninja was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online) GDrive and other (Online)

Domain & IP information

	IP Address	AS Autonomous System
21	72.52.217.213 72.52.217.213	32244 (LIQUIDWEB) (LIQUIDWEB)
1	104.219.248.46 104.219.248.46	22612 (NAMECHEAP...) (NAMECHEAP-NET)
22	2

21 72.52.217.213 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: stargate.imagolabs.com

input.ninja	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.219.248.46 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server139-2.web-hosting.com

shopget24.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	input.ninja input.ninja	132 KB
1	shopget24.com shopget24.com	176 B
22	2

	Domain	Requested by
21	input.ninja	input.ninja
1	shopget24.com	input.ninja
22	2

This site contains no links.

Subject Issuer	Validity	Valid
input.ninja cPanel, Inc. Certification Authority	`2022-02-01` - `2022-05-02`	3 months	crt.sh
shopget24.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-27` - `2022-08-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c
Frame ID: 8C408BDADA9580182470E8BAA776B423
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DocuSign

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

132 kB
Transfer

140 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index2.php Show response input.ninja/ABS/DocuSign/auth/	7 KB 1 KB	3095ms 2795ms	Document text/html	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `c9084e7f83346452d61ead5861c79fc1c486ead52cb068b8492ee6e141c0e179` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-encoding gzip vary Accept-Encoding cache-control max-age=3600 expires Thu, 10 Feb 2022 17:23:39 GMT content-type text/html; charset=UTF-8 date Thu, 10 Feb 2022 16:23:39 GMT server Apache
GET H2	200	mobile-style.css input.ninja/ABS/DocuSign/auth/css/	6 KB 1 KB	132ms 131ms	Stylesheet text/css	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://input.ninja/ABS/DocuSign/auth/css/mobile-style.css Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `de564746f96692beb6396032c64d25d989b3cc4f4e0d62edc212678d51da4861` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT content-encoding gzip last-modified Sat, 17 Jul 2021 04:21:50 GMT server Apache vary Accept-Encoding,User-Agent content-type text/css cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 867 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	dsgn.png input.ninja/ABS/DocuSign/auth/img/	7 KB 8 KB	133ms 133ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/dsgn.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:50 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 7635 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	em.png input.ninja/ABS/DocuSign/auth/img/	517 B 573 B	131ms 129ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/em.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `c7b07a0440ecfbd1f32110a6a5c7e92ecfe0200a65ba5fdd5660a98cf2294c09` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 517 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	pl.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	131ms 129ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/pl.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `bd4ef9821aedbe2cb59323ab96d6c55400c0fc0f56292d528a4338b4d922f47a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1703 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	d2.png input.ninja/ABS/DocuSign/auth/img/	921 B 953 B	133ms 130ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/d2.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `e923ccc327cca82406d93806b3b542703d1c3c9324e808d2257b0a4b72186972` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 921 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	s_seee.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	265ms 262ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/s_seee.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `341dc8a2f05f363511ccd444d63a96a8879b330eda50fabb581e1776751aa38d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1939 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	owl.png input.ninja/ABS/DocuSign/auth/img/	13 KB 13 KB	133ms 130ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/owl.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `b7fca5ccbdbf84cc964dc316c9a4589ab77eb9fa04f0d76eb13fd79f2442e01d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:28:06 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 13516 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	look.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	133ms 131ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/look.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `b43adb2cb8d9e0b37b8b965b86dac2831c24bc938ff2a0f6e7898c9fa3785b01` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:50 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1732 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	a_o_l.png input.ninja/ABS/DocuSign/auth/img/	16 KB 17 KB	262ms 260ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/a_o_l.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `0585f4a7ff97d36a7df69409bcc81c809f0e94723a89a32194cd432fe85358fb` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 06:20:04 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 16746 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	a_l.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	263ms 261ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/a_l.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `33f2eb65d5f07650ebd9de0121bea52909d8d22dcc73342f584bb6ca017216f9` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:50 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1959 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	y_m.png input.ninja/ABS/DocuSign/auth/img/	29 KB 29 KB	264ms 262ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/y_m.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `80a9e683a71c219894ce54a3642712b2e4a15e89fe5503d8ee3636bb21f782fa` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Fri, 16 Jul 2021 21:02:26 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 29481 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	y.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	262ms 261ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/y.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `9af35f4bc12f609b907e306abdb1f1d702829402f99a3f7d1d860de8ec08b10e` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1936 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	index.png input.ninja/ABS/DocuSign/auth/img/	8 KB 8 KB	390ms 388ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/index.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `9baa2501d93fcecd045572478652f3f5cf99d8dce4e53c2a074dde60bcb22f59` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:50 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 8196 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	go.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	393ms 391ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/go.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `d54889fee19017fe0fb248c07574250db3da567029868732074d3e450281c27c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 2039 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	365.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	393ms 391ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/365.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `8720a28a7f66196e39de136fb8ccbbf8c192391d78442ccc54a5796dcddfcae2` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 2290 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	off.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	393ms 391ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/off.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `09be398f7896ac38fa91056bfc3dc45d4845b328cfe0e71607b7aaac0fc569c2` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 1744 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	spr.png input.ninja/ABS/DocuSign/auth/img/	4 KB 4 KB	393ms 392ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/spr.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `2c851b274e54497e6290ce4e37686a435dfe7aa9a6f5380db0fdf5ae00481746` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 3667 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	gm.png input.ninja/ABS/DocuSign/auth/img/	2 KB 2 KB	393ms 392ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/gm.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `4ecd1784399d6be5b0b70e1ccbdeaf187a6c7a16b6d55c13f57da78950bc185a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 04:21:52 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 2087 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	f.png input.ninja/ABS/DocuSign/auth/img/	4 KB 4 KB	389ms 388ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/img/f.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `7b97b79b30f061007e3facc87d2b18059f2e4fd114a749273e6d9e41e09cd197` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 07:56:20 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 4351 expires Sat, 12 Mar 2022 16:23:42 GMT
GET H2	200	hack-run.png shopget24.com/images/sampledata/	0 176 B	532ms 192ms	Image image/png	104.219.248.46 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://shopget24.com/images/sampledata/hack-run.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.219.248.46 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server139-2.web-hosting.com Software LiteSpeed / PHP/7.2.34 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:44 GMT server LiteSpeed x-powered-by PHP/7.2.34 content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed content-length 0 expires Thu, 17 Feb 2022 16:23:44 GMT
GET H2	200	c.png input.ninja/ABS/DocuSign/auth/css/	28 KB 28 KB	388ms 388ms	Image image/png	72.52.217.213 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://input.ninja/ABS/DocuSign/auth/css/c.png Requested by Host: input.ninja URL: https://input.ninja/ABS/DocuSign/auth/css/mobile-style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.52.217.213 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS stargate.imagolabs.com Software Apache / Resource Hash `cc9ea448c8aab3d483e370221f8766c9b1686610a76997cbcc711feee32de804` Request headers Accept-Language de-DE,de;q=0.9 Referer https://input.ninja/ABS/DocuSign/auth/css/mobile-style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 10 Feb 2022 16:23:42 GMT last-modified Sat, 17 Jul 2021 07:53:20 GMT server Apache vary User-Agent content-type image/png cache-control public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 28620 expires Sat, 12 Mar 2022 16:23:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online) GDrive and other (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Message: Mixed Content: The page at 'https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c' was loaded over HTTPS, but requested an insecure element 'http://shopget24.com/images/sampledata/hack-run.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c Message: Mixed Content: The page at 'https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c' was loaded over HTTPS, but requested an insecure element 'http://shopget24.com/images/sampledata/hack-run.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

input.ninja
shopget24.com
104.219.248.46
72.52.217.213
0585f4a7ff97d36a7df69409bcc81c809f0e94723a89a32194cd432fe85358fb
09be398f7896ac38fa91056bfc3dc45d4845b328cfe0e71607b7aaac0fc569c2
2c851b274e54497e6290ce4e37686a435dfe7aa9a6f5380db0fdf5ae00481746
33f2eb65d5f07650ebd9de0121bea52909d8d22dcc73342f584bb6ca017216f9
341dc8a2f05f363511ccd444d63a96a8879b330eda50fabb581e1776751aa38d
4ecd1784399d6be5b0b70e1ccbdeaf187a6c7a16b6d55c13f57da78950bc185a
7b97b79b30f061007e3facc87d2b18059f2e4fd114a749273e6d9e41e09cd197
80a9e683a71c219894ce54a3642712b2e4a15e89fe5503d8ee3636bb21f782fa
8720a28a7f66196e39de136fb8ccbbf8c192391d78442ccc54a5796dcddfcae2
9af35f4bc12f609b907e306abdb1f1d702829402f99a3f7d1d860de8ec08b10e
9baa2501d93fcecd045572478652f3f5cf99d8dce4e53c2a074dde60bcb22f59
b43adb2cb8d9e0b37b8b965b86dac2831c24bc938ff2a0f6e7898c9fa3785b01
b7fca5ccbdbf84cc964dc316c9a4589ab77eb9fa04f0d76eb13fd79f2442e01d
bd4ef9821aedbe2cb59323ab96d6c55400c0fc0f56292d528a4338b4d922f47a
c7b07a0440ecfbd1f32110a6a5c7e92ecfe0200a65ba5fdd5660a98cf2294c09
c9084e7f83346452d61ead5861c79fc1c486ead52cb068b8492ee6e141c0e179
cc9ea448c8aab3d483e370221f8766c9b1686610a76997cbcc711feee32de804
d54889fee19017fe0fb248c07574250db3da567029868732074d3e450281c27c
de564746f96692beb6396032c64d25d989b3cc4f4e0d62edc212678d51da4861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e923ccc327cca82406d93806b3b542703d1c3c9324e808d2257b0a4b72186972
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620

input.ninja Open in urlscan Pro 72.52.217.213 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

132 kBTransfer

140 kBSize

0 Cookies

0 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

input.ninja Open in urlscan Pro
72.52.217.213 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

132 kB
Transfer

140 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!