False Positive | account.docusign.com

[PeterDaveHello]

What are the subjects of the false-positive (domains, URLs, or IPs)?

account.docusign.com

Why do you believe this is a false-positive?

You can verify that docusign.com is the primary domain of the famous Docusign, Inc. software company, headquartered in San Francisco. account.docusign.com is the domain of there login and account management related pages, e.g. https://account.docusign.com/oauth/auth

How did you discover this false-positive(s)?

Other (Please fill out the next box)

Where did you find this false-positive if not listed above?

By my own?

Have you requested a review from other sources?

I didn't see it been blocked by any others yet.

Do you have a screenshot?

Additional Information or Context

[phishing-database-bot]

Verification Required

@PeterDaveHello, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-4afe78f4bb029b266148dd56161301a17781053a

   Your Verification ID: antiphish-4afe78f4bb029b266148dd56161301a17781053a

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[phishing-database-bot]

Verification Required

@PeterDaveHello, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-4afe78f4bb029b266148dd56161301a17781053a

   Your Verification ID: antiphish-4afe78f4bb029b266148dd56161301a17781053a

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[PeterDaveHello]

I don't own the domain 😅

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 185.81.100.110, 9.9.9.9, 185.81.100.109, 185.81.101.109, 193.110.81.0, 156.154.70.2, dns0.eu, 64.207.217.76, 94.140.14.140, 195.46.39.39, 193.110.81.254, 9.9.9.10, 185.81.101.110, 64.6.64.6, 95.85.95.85, 64.207.217.77, 94.140.14.14, 192.165.9.157, docusign.com, 185.81.100.108, 76.76.2.1, 101.101.101.101, 1.1.1.2, 8.26.56.26, 1.1.1.1, 64.207.218.77, 8.8.8.8, 188.166.206.224, 64.207.216.77, 64.207.216.75, 185.228.168.9, 208.67.222.222, 77.88.8.1, 77.88.8.2, 76.76.2.2, dnsforge.de, 168.95.1.1, 176.9.93.198, 208.67.222.2.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 176.9.93.198, 64.207.217.77, 94.140.14.14, 195.46.39.39, 64.207.216.75, 76.76.2.2, 185.81.100.110, 193.110.81.0, 188.166.206.224, 94.140.14.140, 64.207.217.76, 1.1.1.2, 9.9.9.9, dns0.eu, 185.81.101.110, 95.85.95.85, 156.154.70.2, 76.76.2.1, 208.67.222.222, 64.6.64.6, 8.8.8.8, 9.9.9.10, 193.110.81.254, 185.81.101.109, 168.95.1.1, dnsforge.de, 8.26.56.26, 101.101.101.101, 185.228.168.9, docusign.com, 77.88.8.2, 1.1.1.1, 64.207.218.77, 185.81.100.109, 77.88.8.1, 208.67.222.2, 185.81.100.108, 192.165.9.157, 64.207.216.77.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 76.76.2.1, 208.67.222.222, 64.207.217.77, 176.9.93.198, 192.165.9.157, 185.228.168.9, 64.207.218.77, 1.1.1.1, 64.6.64.6, 101.101.101.101, 8.26.56.26, docusign.com, 95.85.95.85, 185.81.100.109, 9.9.9.10, 8.8.8.8, 64.207.216.77, 193.110.81.254, 1.1.1.2, 193.110.81.0, 156.154.70.2, 94.140.14.14, 94.140.14.140, 188.166.206.224, 195.46.39.39, 77.88.8.1, 76.76.2.2, 185.81.101.110, 185.81.100.108, 64.207.217.76, 77.88.8.2, 208.67.222.2, 185.81.100.110, 9.9.9.9, dns0.eu, 64.207.216.75, dnsforge.de, 185.81.101.109, 168.95.1.1.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[PeterDaveHello]

@funilrys @mitchellkrogza I need your help here 😅

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 185.81.100.110, docusign.com, 208.67.222.222, 64.207.217.77, 1.1.1.2, 76.76.2.2, dns0.eu, 64.6.64.6, 76.76.2.1, 94.140.14.14, 77.88.8.1, 1.1.1.1, 64.207.217.76, 94.140.14.140, 208.67.222.2, 64.207.216.77, 185.228.168.9, 193.110.81.254, dnsforge.de, 64.207.216.75, 195.46.39.39, 156.154.70.2, 95.85.95.85, 185.81.100.109, 8.8.8.8, 192.165.9.157, 168.95.1.1, 185.81.101.110, 193.110.81.0, 8.26.56.26, 185.81.101.109, 64.207.218.77, 185.81.100.108, 9.9.9.9, 9.9.9.10, 188.166.206.224, 176.9.93.198, 77.88.8.2, 101.101.101.101.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 193.110.81.0, 188.166.206.224, 1.1.1.1, 76.76.2.1, 101.101.101.101, docusign.com, 195.46.39.39, 9.9.9.9, 192.165.9.157, 95.85.95.85, 185.228.168.9, 64.207.217.77, 76.76.2.2, 64.207.218.77, 77.88.8.2, 208.67.222.2, 156.154.70.2, 8.8.8.8, 77.88.8.1, 185.81.100.108, 64.207.217.76, 185.81.100.109, 64.6.64.6, 1.1.1.2, 185.81.101.109, 9.9.9.10, dns0.eu, 94.140.14.140, 168.95.1.1, 185.81.101.110, 176.9.93.198, 64.207.216.75, dnsforge.de, 193.110.81.254, 64.207.216.77, 185.81.100.110, 94.140.14.14, 208.67.222.222, 8.26.56.26.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 168.95.1.1, 185.81.100.110, 193.110.81.0, 76.76.2.2, 176.9.93.198, 64.207.218.77, 101.101.101.101, 185.81.101.110, 192.165.9.157, 208.67.222.2, 64.207.217.77, 188.166.206.224, 64.207.216.75, 77.88.8.2, dnsforge.de, 185.81.100.109, 185.81.101.109, 1.1.1.1, 9.9.9.10, 8.8.8.8, 77.88.8.1, 94.140.14.140, 1.1.1.2, 193.110.81.254, account.docusign.com, 64.6.64.6, docusign.com, 156.154.70.2, 185.228.168.9, 64.207.217.76, 8.26.56.26, 9.9.9.9, 94.140.14.14, 95.85.95.85, 76.76.2.1, dns0.eu, 185.81.100.108, 195.46.39.39, 64.207.216.77, 208.67.222.222.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: 9.9.9.10, 95.85.95.85, 193.110.81.254, 64.207.216.75, 185.81.100.109, 64.207.217.76, dns0.eu, 185.81.100.110, 76.76.2.1, 1.1.1.2, docusign.com, account.docusign.com, 1.1.1.1, 156.154.70.2, 208.67.222.2, 8.26.56.26, 101.101.101.101, 185.81.100.108, dnsforge.de, 94.140.14.140, 64.207.216.77, 195.46.39.39, 64.207.218.77, 76.76.2.2, 77.88.8.1, 8.8.8.8, 77.88.8.2, 185.81.101.109, 64.207.217.77, 94.140.14.14, 185.81.101.110, 185.228.168.9, 208.67.222.222, 168.95.1.1, 176.9.93.198, 192.165.9.157, 64.6.64.6, 9.9.9.9, 188.166.206.224, 193.110.81.0.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

[PeterDaveHello]

I have to remove the additional context from the main comment, and see if this will prevent the bot behavior...

Multi DNS resolving result using my side project chkdomain, it's not blocked by any of them:

$ ./chkdm account.docusign.com
You are checking domain: account.docusign.com

Running dig/nslookup over 10 nofilter DNS:
 - AdGuard (94.140.14.140) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.216.77)
 - Cloudflare (1.1.1.1) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)
 - dns0.eu (193.110.81.254) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.101.109)
 - Gcore (95.85.95.85) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.100.110)
 - Google (8.8.8.8) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)
 - Hinet (168.95.1.1) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)
 - OpenDNS (208.67.222.2) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.101.109)
 - Quad9 (9.9.9.10) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.218.77)
 - UltraDNS (64.6.64.6) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)
 - Yandex (77.88.8.1) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.101.110)

Running dig/nslookup over 11 secure DNS:
 - CleanBrowsing (185.228.168.9) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.101.109)
 - Cloudflare (1.1.1.2) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)
 - Comodo (8.26.56.26) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.77)
 - CONTROL D (76.76.2.1) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.101.109)
 - dns0.eu (193.110.81.0) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.101.109)
 - OpenDNS (208.67.222.222) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.100.109)
 - Quad101 (101.101.101.101) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.216.75)
 - Quad9 (9.9.9.9) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.218.77)
 - SafeDNS (195.46.39.39) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.100.108)
 - UltraDNS (156.154.70.2) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.216.75)
 - Yandex (77.88.8.2) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.100.109)

Running dig/nslookup over 5 AD(and tracker)-blocking DNS:
 - AdGuard (94.140.14.14) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.218.77)
 - CONTROL D (76.76.2.2) ... OK! (account-geo.docusign.com.akadns.net. account-jp.docusign.com.akadns.net. 185.81.101.109)
 - dnsforge.de (176.9.93.198) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.100.109)
 - OVPN (192.165.9.157) ... OK! (account-geo.docusign.com.akadns.net. account-eu.docusign.com.akadns.net. 185.81.101.110)
 - Tiarap (188.166.206.224) ... OK! (account-geo.docusign.com.akadns.net. account-na.docusign.com.akadns.net. 64.207.217.76)

[phishing-database-bot]

Closing.

Subject(s) not found in the Phishing.Database project: docusign.com, account.docusign.com.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.