Windows Analysis Report
FW+Review_&_sign_Docu+#31617+Contract_Agreement+Docusign+Licensing+Board+Of+Directors.pdf.eml

• EGA enabled

• Found application associated with file extension: .eml

{
    "explanation": [
        "The email contains suspicious formatting in the subject line with underscores and unusual capitalization typical of phishing attempts",
        "The sender claims to be DocuSign but uses an unusual email format 'dse_na2@docusign.net' and includes a suspicious security code format",
        "The email contains multiple redirected links through protection.sophos.com, which is unusual for legitimate DocuSign communications"
    ],
    "phishing": true,
    "confidence": 9
}

{
    "date": "Tue, 05 Nov 2024 22:26:49 +0000", 
    "subject": "FW: Review_&_sign_Docu: #31617 Contract_Agreement: Docusign Licensing Board Of Directors.pdf", 
    "communications": [
        "Ce message a t envoy de l'extrieur de l'organisation - This message was sent from outside your organization.\n\nI believe that the email that David received and forwarded to me is Spam.  Please confirm.\n\nHeather Gordon, (she/her) CA, CPA., MAcc.\nManaging Principal, Finance & Administration\n\n286 Sanford Ave. N.                           905.526.6700 x245\nWestinghouse HQ, 2nd Floor           416.723.9886\nHamilton, ON L8L 6A1                       heatherg@mccallumsather.com\nmcCallumSather.com<https://eu-west-1.protection.sophos.com?d=mccallumsather.com&u=aHR0cDovL3d3dy5tY2NhbGx1bXNhdGhlci5jb20v&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=NmsxendTVkNDU1MrQkVRR0JSUC9hMUI3WUJpbXlFVEkwMGIrZTRvVTN4Yz0=&h=f21097c3ff21461ca24d2bc9ab68e812&s=AVNPUEhUT0NFTkNSWVBUSVZepRahezh_GIycWZDQIVhBnwg07hL9dOfaurSPlgiveA>\n[cid:image002.png@01DB2FA7.E492A020]\n\n", 
        "From: David Riley <davidr@mccallumsather.com>\nSent: November 5, 2024 12:49 PM\nTo: Heather Gordon <heatherg@mccallumsather.com>\nSubject: FW: Review_&_sign_Docu: #31617 Contract_Agreement: Docusign Licensing Board Of Directors.pdf\n\nFYI below is what was sent my way.\n\nCheers,\n\n\n\n\nDavid Riley, P. Eng., PMP, LEED AP BD+C\nSenior Associate, Mechanical Engineer\n\n286 Sanford Ave. N.                           905.526.6700 x263\nWestinghouse HQ, 2nd Floor           905.516.0666\nHamilton, ON L8L 6A1                       davidr@mccallumsather.com\n\nmcCallumSather.com<https://eu-west-1.protection.sophos.com?d=mcallumsather.com&u=aHR0cDovL3d3dy5tY2FsbHVtc2F0aGVyLmNvbS8=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=TFpsckJFVi94Q2F2VWNiQXhjV0dXM0hBa2lBMkdhbjA1d3Nsby9Sa1h3Yz0=&h=f21097c3ff21461ca24d2bc9ab68e812&s=AVNPUEhUT0NFTkNSWVBUSVZepRahezh_GIycWZDQIVhBnwg07hL9dOfaurSPlgiveA>\n\n[cid:image001.png@01DB2F81.0C1040C0]\n\n", 
        "From: DocuSign System <dse_na2@docusign.net<mailto:dse_na2@docusign.net>>\nSent: October 31, 2024 1:12 PM\nTo: David Riley <davidr@mccallumsather.com<mailto:davidr@mccallumsather.com>>\nSubject: Review_&_sign_Docu: #31617 Contract_Agreement: Docusign Licensing Board Of Directors.pdf\n\n\n[Image removed by sender. DocuSign]\n[Image removed by sender.]\nDocusign - Licensing Board Of Directors sent you a document to review and sign.\n\n       REVIEW DOCUMENT       <https://us-east-2.protection.sophos.com?d=docusign.net&u=aHR0cHM6Ly9uYTIuZG9jdXNpZ24ubmV0L1NpZ25pbmcvRW1haWxTdGFydC5hc3B4P2E9MDY5NzQ0M2QtYzdhZi00NTZjLTg5OWItNjAzNTE0MGE2YmNmJmV0dGk9MjQmYWNjdD1lOTgzNzk5Ny03MTA2LTQxMDQtODA5OS1jZTlkNjJkMmEzNWImZXI9YmE0YzJlYjItODA0Mi00YzE2LWI3MmItNDliMzUwNTM1YWFi&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=UWg3cytBZTBvSnBHaXkvMDFhSjIzaE1iNEx4NmNneHBwSjkrRVZNOXg3dz0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg>\n[Image removed by sender. Picture of Docusign - Licensing Board Of Directors]\nDocusign - Licensing Board Of Directors\nrenee@placementsource.com<mailto:renee@placementsource.com>\nDocusign Licensing Board Of Directors\n\nDo Not Share This Email\nThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.\n\nAlternate Signing Method\nVisit Docusign.com, click 'Access Documents', and enter the security code:\n0697443DC7AF456C899B6035140A6BCF2\n\nAbout Docusign\nSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management.\n\nQuestions about the Document?\nIf you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.\n\nStop receiving this email\nReport this email<https://us-east-2.protection.sophos.com?d=docusign.net&u=aHR0cHM6Ly9wcm90ZWN0LmRvY3VzaWduLm5ldC9yZXBvcnQtYWJ1c2U_ZT1BVXRvbWpwRmFrOUdsYlBMMHpGRmkxM1hvZTVVMEx4ODRFdmpsMnJaM0hJejlPMkpOWlZRc1AzYUlKWV85YkhGMmVacG9BUmdKUGJkV2RCeEFUb0JQWldRQVJaLUp3SDRwZW5uNzdsbk85OGR0OHB2YUZVRldjSi04WnpZVVZpaXRUaXRRdVFVc3A2akd4LUZKM2trX0ZqU3NMZ2pQMmhyckZ0YUpTSEhqNmY3SE44eVRINVQyOXRNNkNUdDlvSENsR0JIdUpJaFhocl9hSkcxVDR1N3RyLVF2bk5GV2IzUDBEZ1ZFTWVFeDJJa0NiNFdtbEd6NTh1XzBldFFaY0ZYeGt1VlBJMS02VHJicFZuOVREUF9zYUlURGIyQkZZSlpvSUs3V2dwLW56MVExdDlMVU96dU9kejQxLW9YSGNXdDdwSEw0Z0hDaTEyV01Ld1JncWtINjNIcmljcmdqT3BVZXFvYWdDY0JXS2R5UkJ0MXZ2R3NwXzZMcm9HeWZQOTctb25ZLVZiQTVHRHhicE5SVGdwSTRFSlM0TTFJa3JHWk5yTHEzalVQejlydlJCNUs3eEsycWQ3Y0NHRGR2RW13RkEmbGFuZz1lbg==&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=QldqMGgrWmpTSk4zUElPbTNFUWJZSHBtL0gySy9FNGYwaTRSaWFpUDg0OD0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg> or read more about Declining to sign<https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly9zdXBwb3J0LmRvY3VzaWduLmNvbS9lbi9ndWlkZXMvRGVjbGluaW5nLXRvLXNpZ24tRG9jdVNpZ24tU2lnbmVyLUd1aWRl&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=VEtMeDlKNEM1bUdmTUdZeE9kT3FFWERsQklWbWJSSU8xR1RHN2lFdTB0ND0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg> and Managing notifications<https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly9zdXBwb3J0LmRvY3VzaWduLmNvbS9lbi9hcnRpY2xlcy9Ib3ctZG8tSS1tYW5hZ2UtbXktZW1haWwtbm90aWZpY2F0aW9ucw==&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=RDBwdi9hVGJ0K1N4S1pvVlR3R3RHUTd6cEtwVXR0NmhWQlRnUFNvTDlxWT0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg>.\n\nIf you have trouble signing, visit \"How to Sign a Document<https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly9zdXBwb3J0LmRvY3VzaWduLmNvbS9zL2FydGljbGVzL0hvdy1kby1JLXNpZ24tYS1Eb2N1U2lnbi1kb2N1bWVudC1CYXNpYy1TaWduaW5nP2xhbmd1YWdlPWVuX1VTJnV0bV9jYW1wYWlnbj1HQkxfWFhfREJVX1VQU18yMjExX1NpZ25Ob3RpZmljYXRpb25FbWFpbEZvb3RlciZ1dG1fbWVkaXVtPXByb2R1Y3QmdXRtX3NvdXJjZT1wb3N0c2VuZA==&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=Zm4rUWtjVlVQbjBHbUVWVHJsNnI0WmgrdFRWd3YxMnd4Nlk1SlVQU1NjND0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg>\" on our Docusign Support Center<https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly9zdXBwb3J0LmRvY3VzaWduLmNvbS8=&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=K0dHSXgwbitTRm0vWkVhWExkU1h2bXpydTBNNnVaRXhiNVhPdnFTZWdMZz0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg>, or browse our Docusign Community<https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly9jb21tdW5pdHkuZG9jdXNpZ24uY29tL2VzaWduYXR1cmUtMTExP3V0bV9jYW1wYWlnbj1HQkxfVVNfUFJEX0FXQV8yNDA1X0NvbW11bml0eUNUQSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG9zdHNlbmQ=&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=bVd0RCswbE1XaWRlMjhYYmVSR1JyWm4zS3ArWFVTOGlyOUZheU4xNUJvYz0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg> for more information.\n\n[Image removed by sender.]Download the Docusign App <https://us-east-2.protection.sophos.com?d=docusign.com&u=aHR0cHM6Ly93d3cuZG9jdXNpZ24uY29tL2ZlYXR1cmVzLWFuZC1iZW5lZml0cy9tb2JpbGU_dXRtX2NhbXBhaWduPUdCTF9YWF9EQlVfVVBTXzIyMTFfU2lnbk5vdGlmaWNhdGlvbkVtYWlsRm9vdGVyJnV0bV9tZWRpdW09cHJvZHVjdCZ1dG1fc291cmNlPXBvc3RzZW5k&p=m&i=NjAwMDRkYmNjNzQ1NDY0ODkyYTNlZmQw&t=SVRMR1ErZmFkTmN6NUhZc2NYK1JyN0xwR2ZRZDBqcmlTOTgrMysrMXRYcz0=&h=e31e2a87bb4847f999cfc79b960b4445&s=AVNPUEhUT0NFTkNSWVBUSVaRXvLxh7UTuVLmlaqXvLZH__URHKprSyEr4bUyaFsVWg>\n\nThis message was sent to you by Docusign - Licensing Board Of Directors who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.\n\n"
    ], 
    "from": "Heather Gordon <heatherg@mccallumsather.com>", 
    "to": "Quadbridge Support <support@quadbridge.com>", 
    "attachements": [
        "~WRD0000.jpg", 
        "image001.png", 
        "image002.png"
    ]
}

```json
{
  "contains_trigger_text": true,
  "trigger_text": "Review_& _sign_Doc#:31617 Contract_Agreement: Docusign Licensing Board Of Directors.pdf",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "To: Heather Gordon <heather@mccallumsather.com>",
    "Subject: FW: Review_& _sign_Doc#:31617 Contract_Agreement: Docusign Licensing Board Of Directors.pdf"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

```json
{
  "brands": [
    "McCallumSather"
  ]
}

```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: URL: https://na2.docusign.net

```json
{
  "brands": [
    "Docusign"
  ]
}