app.mailgun.com.4134.butcha.nl

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 37.120.206.78, located in Bucharest, Romania and belongs to M247, GB. The main domain is app.mailgun.com.4134.butcha.nl.

This is the only time app.mailgun.com.4134.butcha.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mailgun (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.121 167.89.115.121	11377 (SENDGRID) (SENDGRID)
1 8	37.120.206.78 37.120.206.78	9009 (M247) (M247)
7	1

1 167.89.115.121 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x121.outbound-mail.sendgrid.net

u723073.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.120.206.78 (Bucharest, Romania) 1 redirects

ASN9009 (M247, GB)

app.mailgun.com.4134.butcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.mailgun.com.4134.butcha.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	butcha.nl app.mailgun.com.4134.butcha.nl	171 KB
1	butcha.net 1 redirects app.mailgun.com.4134.butcha.net	347 B
1	sendgrid.net 1 redirects u723073.ct.sendgrid.net	374 B
7	3

	Domain	Requested by
7	app.mailgun.com.4134.butcha.nl	app.mailgun.com.4134.butcha.nl
1	app.mailgun.com.4134.butcha.net	1 redirects
1	u723073.ct.sendgrid.net	1 redirects
7	3

This site contains links to these domains. Also see Links.

Domain
login.mailgun.com
signup.mailgun.com
www.mailgun.com
help.mailgun.com
twitter.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137
Frame ID: 4D0AD58607CB2F759673DEB7893B1C0C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEra... HTTP 302
http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/39075e5512... HTTP 302
http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f... Page URL

Detected technologies

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

171 kB
Transfer

170 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://login.mailgun.com/recovery/new
Title: Forgot password?

Search URL Search Domain Scan URL

URL: https://signup.mailgun.com/
Title: Sign up Here

Search URL Search Domain Scan URL

URL: https://www.mailgun.com/terms
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.mailgun.com/privacy-policy
Title: Privacy policy

Search URL Search Domain Scan URL

URL: https://www.mailgun.com/jobs
Title: Jobs

Search URL Search Domain Scan URL

URL: http://help.mailgun.com/
Title: Help center

Search URL Search Domain Scan URL

URL: https://www.mailgun.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.mailgun.com/team
Title: Team

Search URL Search Domain Scan URL

URL: http://twitter.com/Mail_Gun
Title: Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEraJLxtk-2Bl6GiBr6N2mXvh1SHNO9ks29mojVJ3JIqMutHzclU-2B-2F8aWhNSaym2ZndXiNcCK2W0L4HpcNQLDfHM1-2FJBLaI5qxPtGT1rz67MqoOeey-2FcRB-2FYpYTmH3xZJWp0-2F8JJ582DfxS6GjpMTi-2F96FdwwKON3Xt3zLETY5p2JKGMho2B4lQxNnW3qKuMwmBtd2tlW-R_7jr05Bs9CFIjRmKLu606UujYJzxW6Lryp5i0PB-2FZRFrNC-2FJbdk-2B3XRNjeOuMgXDMk9L8532GFrNXyUktRS9qDanezWd2LWYx318-2Fiqi2KkG5qrPO842vXva2-2F0-2BI5Y6Fes2aAq1g8WaXzywY917U-2Fh4sBymnlT0Ygp8Mq31mOFv2ylm11ijRJsQYBu7Jh92ugsbBJmnPQLZUOYmDkrqSmueU3m9UqWCVQa-2FKXVp3KMw-3D HTTP 302
http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/39075e5512458891ec23812830cff04c/ffc5e01f578535fd6f95f889cb31939d HTTP 302
http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 25f8f4cad48078f905cda07c404a7137 Show response app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/ Redirect Chain https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEraJLxtk-2Bl6GiBr6N2mXvh1SHNO9ks29mojVJ3JIqMutHzclU-2B-2F8aWhNSaym2ZndXiNcCK2W0L4HpcNQLDfHM1... http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/39075e5512458891ec23812830cff04c/ffc5e01f578535fd6f95f889cb31939d http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137	10 KB 11 KB	182ms 137ms	Document text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / PHP/5.3.3 Resource Hash `9fbb43a807af3f38dba687ba5a94dc42d42c4caf5b98450bbd762a02311a13aa` Request headers Host app.mailgun.com.4134.butcha.nl Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:57 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Fri, 23 Oct 2020 20:38:57 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Location http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Content-Length 0 Connection close Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	animate.min.css app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	57 KB 57 KB	205ms 174ms	Stylesheet text/css	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/animate.min.css Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:57 GMT Last-Modified Tue, 08 Oct 2019 17:13:49 GMT Server Apache/2.2.15 (CentOS) ETag "400c9-e311-594694aaecd40" Content-Type text/css Connection close Accept-Ranges bytes Content-Length 58129
GET H/1.1	200 OK	style.css app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	6 KB 7 KB	196ms 165ms	Stylesheet text/css	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:57 GMT Last-Modified Tue, 08 Oct 2019 17:14:24 GMT Server Apache/2.2.15 (CentOS) ETag "400cf-1952-594694cc4dc00" Content-Type text/css Connection close Accept-Ranges bytes Content-Length 6482
GET H/1.1	200 OK	logo.svg app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	3 KB 3 KB	197ms 166ms	Image image/svg+xml	37.120.206.78 M247
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/logo.svg Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:57 GMT Last-Modified Tue, 08 Oct 2019 17:15:23 GMT Server Apache/2.2.15 (CentOS) ETag "400ce-ab2-59469504920c0" Content-Type image/svg+xml Connection close Accept-Ranges bytes Content-Length 2738
GET H/1.1	200 OK	jquery.min.js Show response app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	94 KB 94 KB	202ms 171ms	Script text/javascript	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/jquery.min.js Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/39075e5512458891ec23812830cff04c/33ddfb75c923326076da6e11207e3b4b/25f8f4cad48078f905cda07c404a7137 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:57 GMT Last-Modified Tue, 08 Oct 2019 17:35:48 GMT Server Apache/2.2.15 (CentOS) ETag "400cd-176bd-59469994d2500" Content-Type text/javascript Connection close Accept-Ranges bytes Content-Length 95933
GET H/1.1	404 Not Found	blue_bg.png app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	328 B 328 B	1163ms 133ms	Image text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/blue_bg.png Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `d1b460ef4f053fde665e2ada9bf25e2eada9f14c9d9259b60fc4b171d29cdbdb` Request headers Referer http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:59 GMT Server Apache/2.2.15 (CentOS) Connection close Content-Length 328 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	inter.woff app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	0 0	172ms 139ms	Font text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/inter.woff Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash Request headers Origin http://app.mailgun.com.4134.butcha.nl Referer http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 20:38:58 GMT Server Apache/2.2.15 (CentOS) Connection close Content-Length 327 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mailgun (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.mailgun.com.4134.butcha.net
app.mailgun.com.4134.butcha.nl
u723073.ct.sendgrid.net
167.89.115.121
37.120.206.78
0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b
9fbb43a807af3f38dba687ba5a94dc42d42c4caf5b98450bbd762a02311a13aa
d1b460ef4f053fde665e2ada9bf25e2eada9f14c9d9259b60fc4b171d29cdbdb

app.mailgun.com.4134.butcha.nl Open in urlscan Pro 37.120.206.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

171 kBTransfer

170 kBSize

0 Cookies

9 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

Indicators

app.mailgun.com.4134.butcha.nl Open in urlscan Pro
37.120.206.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

171 kB
Transfer

170 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!