Phish Impersonating DocuSign
195 domains registered and used for credential phishing
We spotted 195 domains registered and used for credential phishing pulled from a phish impersonating DocuSign using a click thru URL obfuscator.
The initial domain was qi6kd[.]com which showed a google workspace login, off a DocuSign-impersonating email with a link to a malicious site.