app.mailgun.com.325145.basewood.de Open in urlscan Pro
162.244.81.221 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u14511229.ct.sendgrid.net/ls/click?upn=zFatHV-2BNo6M22Ykti-2BXoJCB23M6VeRqiiZNYqDkfui4pxNkLGTncWWpX08LLm0Q5F1-2BFunEU8VeJ2...
Effective URL:
http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c5...
Submission: On December 09 via api (December 9th 2020, 3:39:30 pm UTC) from US

Summary HTTP 7 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 162.244.81.221, located in Brooklyn, United States and belongs to SERVERROOM, US. The main domain is app.mailgun.com.325145.basewood.de.

This is the only time app.mailgun.com.325145.basewood.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mailgun (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 1	167.89.115.121 167.89.115.121		11377 (SENDGRID) (SENDGRID)
1 8	162.244.81.221 162.244.81.221		19624 (SERVERROOM) (SERVERROOM)
7	1

1 167.89.115.121 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x121.outbound-mail.sendgrid.net

u14511229.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 162.244.81.221 (Brooklyn, United States) 1 redirects

ASN19624 (SERVERROOM, US)
PTR: 8.8.8.8

app.mailgun.com.4138.basewood.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.mailgun.com.325145.basewood.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	basewood.de 1 redirects app.mailgun.com.4138.basewood.de app.mailgun.com.325145.basewood.de	172 KB
1	sendgrid.net 1 redirects u14511229.ct.sendgrid.net	375 B
7	2

	Domain	Requested by
7	app.mailgun.com.325145.basewood.de	app.mailgun.com.325145.basewood.de
1	app.mailgun.com.4138.basewood.de	1 redirects
1	u14511229.ct.sendgrid.net	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5
Frame ID: 97F9979194E0253E48B7C7CDB042F25B
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u14511229.ct.sendgrid.net/ls/click?upn=zFatHV-2BNo6M22Ykti-2BXoJCB23M6VeRqiiZNYqDkfui4pxNkLGTncWWpX08L... HTTP 302
http://app.mailgun.com.4138.basewood.de/c4ca4238a0b923820dcc509a6f75849b/cc2f0f031d7ca968da60506db204f059/8b1276c748... HTTP 302
http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/44176... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

1
IPs

1
Countries

171 kB
Transfer

170 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u14511229.ct.sendgrid.net/ls/click?upn=zFatHV-2BNo6M22Ykti-2BXoJCB23M6VeRqiiZNYqDkfui4pxNkLGTncWWpX08LLm0Q5F1-2BFunEU8VeJ2ADOMJIBB03S-2FA6ViUe5bq0EPbHiB1EVJAoUew-2FrbZzpI9y2FM4VRo6mskVAxIhd2G0S2Fk2nBc9Hihi9I6-2BGiO9-2BCiygrKTjMQp75zATGV-2FfT2BJ3TRL4fPVDh-2Bi-2BaOfDtrUQfL1KXklsg6EAcYq7PIgLpcw4g5lb2DDnlfpcrC94iEq2jEA_4P_0pg8-2FkkoUjr3xH-2B4BEW7wvHCLg9OM-2FZwH0bT4wwm8ppT8rhn90rBKC7d37pc05okzkLvbytUs7OXIQx-2Bi24y5g87RB0mAxxPvTp4LErkHDfeV2RfRNngm75q5Gz-2Bfi8lL7yd4vTY5lpdtypiDD3h9oeuignbJtePIFx9swkSjOCrd0kO6fefNl84PXOaeaBHu8Gn2JwyWDXu-2FxOBkxkzy9cM0wUM9oYXob8Iq3J38w0-3D HTTP 302
http://app.mailgun.com.4138.basewood.de/c4ca4238a0b923820dcc509a6f75849b/cc2f0f031d7ca968da60506db204f059/8b1276c7487b59d7530458f4917d534f/ffc5e01f578535fd6f95f889cb31939d HTTP 302
http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 441767cdd761ff4c2d27d81c54c36ed5 Show response app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/ Redirect Chain https://u14511229.ct.sendgrid.net/ls/click?upn=zFatHV-2BNo6M22Ykti-2BXoJCB23M6VeRqiiZNYqDkfui4pxNkLGTncWWpX08LLm0Q5F1-2BFunEU8VeJ2ADOMJIBB03S-2FA6ViUe5bq0EPbHiB1EVJAoUew-2FrbZzpI9y2FM4VRo6mskVAxIhd... http://app.mailgun.com.4138.basewood.de/c4ca4238a0b923820dcc509a6f75849b/cc2f0f031d7ca968da60506db204f059/8b1276c7487b59d7530458f4917d534f/ffc5e01f578535fd6f95f889cb31939d http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5	10 KB 10 KB	258ms 241ms	Document text/html	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16 Resource Hash `e526effcc268ff2a113acf5c67f7dcf5ac3c1811e57b5cf03e8f70c1ccc07786` Request headers Host app.mailgun.com.325145.basewood.de Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 X-Powered-By PHP/5.4.16 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Wed, 09 Dec 2020 15:39:12 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 X-Powered-By PHP/5.4.16 Location http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	animate.min.css app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	57 KB 57 KB	144ms 136ms	Stylesheet text/css	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/animate.min.css Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295` Request headers Referer http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Last-Modified Tue, 08 Oct 2019 17:13:49 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "e311-594694aaecd40" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 58129
GET H/1.1	200 OK	style.css app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	6 KB 7 KB	221ms 206ms	Stylesheet text/css	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/style.css?v=1.0.0 Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b` Request headers Referer http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Last-Modified Tue, 08 Oct 2019 17:14:24 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "1952-594694cc4dc00" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6482
GET H/1.1	200 OK	logo.svg app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	3 KB 3 KB	223ms 209ms	Image image/svg+xml	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/logo.svg Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9` Request headers Referer http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Last-Modified Tue, 08 Oct 2019 17:15:23 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "ab2-59469504920c0" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2738
GET H/1.1	200 OK	jquery.min.js Show response app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	94 KB 94 KB	222ms 207ms	Script application/javascript	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/jquery.min.js Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1` Request headers Referer http://app.mailgun.com.325145.basewood.de/en/3/8b1276c7487b59d7530458f4917d534f/bd3fe9247423c13babd663e49643b036/441767cdd761ff4c2d27d81c54c36ed5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Last-Modified Tue, 08 Oct 2019 17:35:48 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "176bd-59469994d2500" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 95933
GET H/1.1	404 Not Found	blue_bg.png app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	232 B 232 B	136ms 135ms	Image text/html	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/blue_bg.png Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `04fd8e6022b76e4d4402996402862308907058cc73da102ee469c132d5beac76` Request headers Referer http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 232 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	inter.woff app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/	0 0	135ms 134ms	Font text/html	162.244.81.221 SERVERROOM
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/inter.woff Requested by Host: app.mailgun.com.325145.basewood.de URL: http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 162.244.81.221 Brooklyn, United States, ASN19624 (SERVERROOM, US), Reverse DNS 8.8.8.8 Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash Request headers Origin http://app.mailgun.com.325145.basewood.de Referer http://app.mailgun.com.325145.basewood.de/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 09 Dec 2020 15:39:14 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 231 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mailgun (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| showMessage object| date string| currentStepSelector function| qriousOpts function| nextStep function| showError function| next function| currentStep function| checkUsername function| checkPassword function| getSecretFromOTP function| complete2fa function| check2fa function| confirm2fa function| post

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.mailgun.com.325145.basewood.de
app.mailgun.com.4138.basewood.de
u14511229.ct.sendgrid.net
162.244.81.221
167.89.115.121
04fd8e6022b76e4d4402996402862308907058cc73da102ee469c132d5beac76
0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b
e526effcc268ff2a113acf5c67f7dcf5ac3c1811e57b5cf03e8f70c1ccc07786