Windows Analysis Report
https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893a

• EGA enabled

{
"brand":["docuSign"],
"contains_trigger_text":true,
"trigger_text":"Verify Your Identity",
"prominent_button_name":"Next",
"text_input_field_labels":["Email Address"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

{
"phishing_score":8,
"brands":"docuSign",
"legit_domain":"docusign.com",
"classification":"wellknown",
"reasons":["The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'.",
"The URL 'docsignfile.z13.web.core.windows.net' does not match the legitimate domain 'docusign.com'.",
"The URL uses a subdomain of 'web.core.windows.net',
 which is a Microsoft Azure cloud service domain. This can be legitimate if used by a verified customer,
 but it is also commonly used in phishing attempts.",
"The URL contains 'docsignfile',
 which is a partial match and could be an attempt to mimic 'DocuSign'.",
"The presence of an input field for 'Email Address' is typical for phishing sites attempting to harvest credentials."],
"brand_matches":[false],
"url_match":false,
"brand_input":"docuSign",
"input_fields":"Email Address"}

{
"brand":["ceo-pdf.com"],
"contains_trigger_text":true,
"trigger_text":"ceo-pdf.com needs to review the security of your connection before proceeding.",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":true,
"has_urgent_text":false,
"has_visible_qrcode":false}

{
"brand":["Cloudflare"],
"contains_trigger_text":true,
"trigger_text":"Verifying you are human. This may take a few seconds.",
"prominent_button_name":"Verifying...",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":true,
"has_urgent_text":false,
"has_visible_qrcode":false}

{
"phishing_score":5,
"brands":"ceo-pdf.com",
"legit_domain":"ceo-pdf.com",
"classification":"unknown",
"reasons":["The brand name 'ceo-pdf.com' is not recognized as a well-known or known brand.",
"The URL 'ceo-pdf.com' does not match any known legitimate domain associated with a recognized brand.",
"The domain name does not contain any obvious misspellings or suspicious elements,
 but it is not associated with a known brand.",
"The lack of input fields information makes it difficult to assess the site's functionality and potential phishing intent."],
"brand_matches":[false],
"url_match":false,
"brand_input":"ceo-pdf.com",
"input_fields":"unknown"}

{
"brand":["Cloudflare"],
"contains_trigger_text":true,
"trigger_text":"Verify you are human by completing the action below",
"prominent_button_name":"Verify you are human",
"text_input_field_labels":["Verify you are human"],
"pdf_icon_visible":false,
"has_visible_captcha":true,
"has_urgent_text":false,
"has_visible_qrcode":false}

{
"phishing_score":8,
"brands":"Cloudflare",
"legit_domain":"cloudflare.com",
"classification":"wellknown",
"reasons":["The brand 'Cloudflare' is a well-known internet security and performance company.",
"The URL 'ceo-pdf.com' does not match the legitimate domain 'cloudflare.com'.",
"The domain 'ceo-pdf.com' does not have any clear association with Cloudflare.",
"The presence of a generic input field 'Verify you are human' is often used in phishing sites to appear legitimate.",
"The URL 'ceo-pdf.com' is suspicious as it does not relate to Cloudflare's services or typical domain structure."],
"brand_matches":[false],
"url_match":false,
"brand_input":"Cloudflare",
"input_fields":"Verify you are human"}