app.mailgun.com.4134.butcha.nl

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 37.120.206.78, located in Bucharest, Romania and belongs to M247, GB. The main domain is app.mailgun.com.4134.butcha.nl.

This is the only time app.mailgun.com.4134.butcha.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mailgun (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.35 167.89.118.35	11377 (SENDGRID) (SENDGRID)
1 8	37.120.206.78 37.120.206.78	9009 (M247) (M247)
7	1

1 167.89.118.35 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net

u723073.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.120.206.78 (Bucharest, Romania) 1 redirects

ASN9009 (M247, GB)

app.mailgun.com.4134.butcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.mailgun.com.4134.butcha.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	butcha.nl app.mailgun.com.4134.butcha.nl	171 KB
1	butcha.net 1 redirects app.mailgun.com.4134.butcha.net	347 B
1	sendgrid.net 1 redirects u723073.ct.sendgrid.net	374 B
7	3

	Domain	Requested by
7	app.mailgun.com.4134.butcha.nl	app.mailgun.com.4134.butcha.nl
1	app.mailgun.com.4134.butcha.net	1 redirects
1	u723073.ct.sendgrid.net	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f
Frame ID: 321E47DC3687A9587D50A63939792A52
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEra... HTTP 302
http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/bbcc5a3794... HTTP 302
http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498dd... Page URL

Detected technologies

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

171 kB
Transfer

170 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEraJLxtk-2Bl6GiBr6N2mXvh1SHNO9ks29mojVJ3JIqMutHzclU-2B-2F8aWhNSaym2ZndXiNcCK2W0L4HpcNQLDfHM1-2FJBOoSkafYKRMdhGToRF1HWZiDJ8cYfJJOPGEJEwCY-2BdVwWpdQ7RtLlxgivByAvGRZspY3oySxGdis6avy0bAqoH-2FBRPF8NjK-2FkpAwfodxnWuGR4Cm_JI-2FduFhACLSuPXb-2BQomH8i9z1ueTyDyinoUYJmGxvaUg9aPKvWHGYyi7fUJe8C4IbVf96fwowxXGwRa2atMajEnfmgfIp-2FbetfBWMJXeaTJQBBrJOn-2F0GH-2Bb8g6LcO-2F10Qkm2IDYe7lpa9ruo2pK0NAg1XO0TQQkh-2BJWQYgTm3h0aPTqVWJMrWr1aSWNNdeS9ErHup40MsyzqlXm2pl2NQ-3D-3D HTTP 302
http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/bbcc5a3794aa63c01e067c8ceb61e54f/ffc5e01f578535fd6f95f889cb31939d HTTP 302
http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 498ddafa91279b185c16eb3dfbad903f Show response app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/ Redirect Chain https://u723073.ct.sendgrid.net/ls/click?upn=5l0xgWif4A2Z8PYb98HgfkzpkOz3eeKJmzyQTJ0FoKQWjM8sGO3ODiRGYR2eEraJLxtk-2Bl6GiBr6N2mXvh1SHNO9ks29mojVJ3JIqMutHzclU-2B-2F8aWhNSaym2ZndXiNcCK2W0L4HpcNQLDfHM1... http://app.mailgun.com.4134.butcha.net/c4ca4238a0b923820dcc509a6f75849b/a4eb8602edcedb0cc5e3c9492569947b/bbcc5a3794aa63c01e067c8ceb61e54f/ffc5e01f578535fd6f95f889cb31939d http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f	10 KB 11 KB	263ms 178ms	Document text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / PHP/5.3.3 Resource Hash `e2b270606ca0bef5a336522750304afafab0d9227944105b26d54cca05724915` Request headers Host app.mailgun.com.4134.butcha.nl Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Fri, 23 Oct 2020 19:19:38 GMT Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Location http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Content-Length 0 Connection close Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	animate.min.css app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	57 KB 57 KB	232ms 183ms	Stylesheet text/css	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/animate.min.css Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Last-Modified Tue, 08 Oct 2019 17:13:49 GMT Server Apache/2.2.15 (CentOS) ETag "400c9-e311-594694aaecd40" Content-Type text/css Connection close Accept-Ranges bytes Content-Length 58129
GET H/1.1	200 OK	style.css app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	6 KB 7 KB	240ms 191ms	Stylesheet text/css	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Last-Modified Tue, 08 Oct 2019 17:14:24 GMT Server Apache/2.2.15 (CentOS) ETag "400cf-1952-594694cc4dc00" Content-Type text/css Connection close Accept-Ranges bytes Content-Length 6482
GET H/1.1	200 OK	logo.svg app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	3 KB 3 KB	233ms 184ms	Image image/svg+xml	37.120.206.78 M247
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/logo.svg Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Last-Modified Tue, 08 Oct 2019 17:15:23 GMT Server Apache/2.2.15 (CentOS) ETag "400ce-ab2-59469504920c0" Content-Type image/svg+xml Connection close Accept-Ranges bytes Content-Length 2738
GET H/1.1	200 OK	jquery.min.js Show response app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	94 KB 94 KB	236ms 187ms	Script text/javascript	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/jquery.min.js Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1` Request headers Referer http://app.mailgun.com.4134.butcha.nl/en/3/bbcc5a3794aa63c01e067c8ceb61e54f/1249c22a9737e2eb822564a1a3bceb84/498ddafa91279b185c16eb3dfbad903f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Last-Modified Tue, 08 Oct 2019 17:35:48 GMT Server Apache/2.2.15 (CentOS) ETag "400cd-176bd-59469994d2500" Content-Type text/javascript Connection close Accept-Ranges bytes Content-Length 95933
GET H/1.1	404 Not Found	blue_bg.png app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	328 B 328 B	204ms 155ms	Image text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Show image Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/blue_bg.png Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash `d1b460ef4f053fde665e2ada9bf25e2eada9f14c9d9259b60fc4b171d29cdbdb` Request headers Referer http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Server Apache/2.2.15 (CentOS) Connection close Content-Length 328 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	inter.woff app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/	0 0	209ms 161ms	Font text/html	37.120.206.78 M247
General Check archive.org Show headers Download Go to Full URL http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/inter.woff Requested by Host: app.mailgun.com.4134.butcha.nl URL: http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 Protocol HTTP/1.1 Server 37.120.206.78 Bucharest, Romania, ASN9009 (M247, GB), Reverse DNS Software Apache/2.2.15 (CentOS) / Resource Hash Request headers Origin http://app.mailgun.com.4134.butcha.nl Referer http://app.mailgun.com.4134.butcha.nl/mailgun.com/com/assets/style.css?v=1.0.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 19:19:39 GMT Server Apache/2.2.15 (CentOS) Connection close Content-Length 327 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mailgun (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.mailgun.com.4134.butcha.net
app.mailgun.com.4134.butcha.nl
u723073.ct.sendgrid.net
167.89.118.35
37.120.206.78
0cb6073e831562296a2e8f3d1d7ce806012be39c2110dd42fa213d86d65c65c9
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
824f0244a925128825fb4b73920ffc4edf9f02db39520db886ff1886455f023b
d1b460ef4f053fde665e2ada9bf25e2eada9f14c9d9259b60fc4b171d29cdbdb
e2b270606ca0bef5a336522750304afafab0d9227944105b26d54cca05724915

app.mailgun.com.4134.butcha.nl Open in urlscan Pro 37.120.206.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

171 kBTransfer

170 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

app.mailgun.com.4134.butcha.nl Open in urlscan Pro
37.120.206.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

171 kB
Transfer

170 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!