urlscan.io public scan: mithanisak.buyanzul.repl.co (35.201.120.147)
Verdict: Malicious Activity!
Effective URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4
Submission Tags: falconsandbox
Submission: On October 27 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2020. Valid for: 3 months.
This is the only time mithanisak.buyanzul.repl.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) | PTR | Domain |
|---|---|---|---|---|
| 1 | 167.89.115.121 | AS11377 (SENDGRID, US) | o16789115x121.outbound-mail.sendgrid.net | u3880067.ct.sendgrid.net |
| 4 | 35.201.120.147 | AS15169 (GOOGLE, US) | 147.120.201.35.bc.googleusercontent.com | mithanisak.buyanzul.repl.co |
| 1 | 35.197.18.156 | AS15169 (GOOGLE, US) | 156.18.197.35.bc.googleusercontent.com | blog.thunderbird.net |
| 1 | 2001:4de0:ac19::1:b:3b | AS20446 (HIGHWINDS3) | (none shown) | (none shown; by elimination from the domain tables, code.jquery.com) |

Totals: 6 requests across 4 IP addresses. The phishing host itself resolves to Google Cloud (Replit's repl.co hosting), and the initial hop is a SendGrid click-tracking link.
| Apex Domain | Subdomains | Requests | Transfer |
|---|---|---|---|
| repl.co | mithanisak.buyanzul.repl.co | 4 | 905 KB |
| jquery.com | code.jquery.com | 1 | 30 KB |
| thunderbird.net | blog.thunderbird.net | 1 | 4 KB |
| sendgrid.net | u3880067.ct.sendgrid.net (1 redirect) | 1 | 322 B |

Totals: 6 requests across 4 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 4 | mithanisak.buyanzul.repl.co | mithanisak.buyanzul.repl.co |
| 1 | code.jquery.com | mithanisak.buyanzul.repl.co |
| 1 | blog.thunderbird.net | mithanisak.buyanzul.repl.co |
| 1 | u3880067.ct.sendgrid.net | (submitted URL; 1 redirect) |

Totals: 6 requests, 4 domains.
This site contains links to these domains. Also see Links.
- wetransfer.zendesk.com
- wetransfer.com
TLS certificates

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| buyanzul.repl.co | Let's Encrypt Authority X3 | 2020-10-26 to 2021-01-24 | 3 months |
| blog.thunderbird.net | Let's Encrypt Authority X3 | 2020-10-12 to 2021-01-10 | 3 months |
| jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 to 2021-10-16 | a year |

The phishing page is served under the platform-issued certificate for buyanzul.repl.co (the Replit user's subdomain), issued the day before the submission; the padlock therefore says nothing about who controls the content.
Frames
This page contains 1 frame:
Primary Page: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4
Frame ID: 5AB14F98E65A5F0104AEF5B9FB284010
Requests: 7 HTTP requests in this frame
Page Statistics
7 outgoing links (links going to different origins than the main page), by link title:
- help center
- Help
- About
- Products
- Plus
- Advertise
- Got Plus?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://u3880067.ct.sendgrid.net/ls/click?upn=kLVquQ5gBWr4N0s0Mi-2FvbGKr1tBfMukQTwe4K2iD91bpLtBdXdNOXAAoxjdI-2BxS27iSiaNesL3Dg1nd36M-2FViXwa3hZWm8RaODPFmJPKyKObZtXhrYGGYFS0RJPc4iB3RUWIgfYQfG-2FwpM-2BJkFGsM29onGg5hFbkne3lc1tqrhk-3DhFkt_LzJDHOEKh7tCJD3pWDUNIdBfLvcI8EaCLUP7cnIyVq8iuAvn93IvtpndM8Uv-2BzXBadHTN1nldbK8-2BM95R1L8YU8XFhc2oYkT6hdkf70X033miIhnyZvOrYm8cK7tUt12376k1NBa95yslKi-2BAtZ6-2BXpKtrLQ9UMjcJHidG7GrfCS64fPre7Hk0DK-2F3DDLPYHKxpeLH-2BBwTR-2Fpga1yL0o4JySJ-2BewiezhI3DcGmYLSGo-3D (HTTP 302)
2. https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 (Page URL)
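The history above is a single HTTP 302 from a SendGrid click-tracking link to the landing page. The following is an added example, not part of the urlscan report and not urlscan's own code, showing how such a history can be rebuilt offline from captured responses, covering the two client-side redirect kinds the description mentions (meta refresh and JavaScript location changes) as well as HTTP redirects, and stopping on a redirect loop. Every host, path and response body in it is constructed for illustration; none is taken from the scan.

```javascript
// Added example (not from the urlscan report): rebuild a page URL history from
// captured responses, following HTTP 3xx Location headers, <meta http-equiv="refresh">
// and JavaScript location changes. Every host, path and body below is constructed.
const SAMPLE_RESPONSES = {
  "https://tracker.example/ls/click?id=1": {           // click-tracking hop
    status: 302, headers: { location: "https://lure.example/go.html" }, body: "" },
  "https://lure.example/go.html": {                    // meta refresh with a relative target
    status: 200, headers: {},
    body: '<html><head><meta http-equiv="refresh" content="0; url=/land.html"></head></html>' },
  "https://lure.example/land.html": {                  // JavaScript redirect
    status: 200, headers: {},
    body: '<html><script>window.location.replace("https://final.example/page.html?x=1");</script></html>' },
  "https://final.example/page.html?x=1": {             // landing page, no further hop
    status: 200, headers: {}, body: "<html><body>landing</body></html>" },
};
const lookupSample = (url) => SAMPLE_RESPONSES[url] || null;

// Return the target of the first <meta http-equiv="refresh"> in html, or null.
function parseMetaRefresh(html) {
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    if (!/http-equiv\s*=\s*["']?refresh/i.test(tag)) continue;
    const content = tag.match(/content\s*=\s*["']([^"']*)["']/i);
    const target = content && content[1].match(/url\s*=\s*['"]?([^'"\s]+)/i);
    if (target) return target[1];
  }
  return null;
}

// Heuristic: catch the common inline forms of a JavaScript redirect. Obfuscated
// kits evade this; a real sandbox observes the navigation instead of grepping.
const JS_REDIRECT_RE =
  /(?:window|document|top|self|parent)?\.?location(?:\.href)?\s*=\s*["']([^"']+)["']|location\.(?:replace|assign)\s*\(\s*["']([^"']+)["']\s*\)/i;
function parseJsRedirect(html) {
  const m = html.match(JS_REDIRECT_RE);
  return m ? (m[1] || m[2]) : null;
}

// Walk the chain. fetchFn(url) returns {status, headers, body} or null.
// Stops on a loop (where a naive follower would spin) or after maxHops.
function followChain(startUrl, fetchFn, maxHops = 10) {
  const history = [];
  const seen = new Set();
  let url = startUrl;
  let via = "submitted";
  while (history.length < maxHops) {
    if (seen.has(url)) { history.push({ url, status: null, via: "loop-detected" }); break; }
    seen.add(url);
    const res = fetchFn(url);
    if (!res) { history.push({ url, status: null, via }); break; }   // unreachable hop
    history.push({ url, status: res.status, via });
    let next = null;
    const location = res.headers && (res.headers.location || res.headers.Location);
    if (res.status >= 300 && res.status < 400 && location) {
      next = location; via = `http-${res.status}`;
    } else {
      const meta = parseMetaRefresh(res.body || "");
      const js = meta ? null : parseJsRedirect(res.body || "");
      if (meta) { next = meta; via = "meta-refresh"; }
      else if (js) { next = js; via = "js-location"; }
    }
    if (!next) break;
    url = new URL(next, url).toString();   // resolve relative targets against the current URL
  }
  return history;
}

// Usage: each entry records the URL, the status seen there and how it was reached.
followChain("https://tracker.example/ls/click?id=1", lookupSample);
```

Each hop records the mechanism that produced it, which is what you want when deciding where to block: a tracking 302 is often a legitimate mail provider, whereas the meta or JavaScript hop is the attacker's own page.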
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (marked "Redirect Chain" in the table below).

HTTP transactions (6 HTTP transactions; the data: URI stylesheet is the seventh request in the frame and involves no network transaction)

| # | Method / Protocol | Resource | Host / Path | Size / Transferred | Type / MIME |
|---|---|---|---|---|---|
| 1 | GET H2 | mitha.html (Primary Request, Redirect Chain) | mithanisak.buyanzul.repl.co/ | 905 KB / 905 KB | Document, text/html |
| 2 | GET H2 | jquery.min.js.download | mithanisak.buyanzul.repl.co/WeTransfer_files/ | 0 / 0 | Script, text/html |
| 3 | GET H2 | bootstrap.min.js.download | mithanisak.buyanzul.repl.co/WeTransfer_files/ | 0 / 0 | Script, text/html |
| 4 | GET DATA | (truncated data: URI) | / | 404 KB / 0 | Stylesheet, text/css |
| 5 | GET H2 | wetransfer-workmark-website.png | blog.thunderbird.net/files/2019/05/ | 4 KB / 4 KB | Image, image/png |
| 6 | GET H2 | bootstrap.min.js.download | mithanisak.buyanzul.repl.co/WeTransfer_files/ | 0 / 0 | Script, text/html |
| 7 | GET H2 | jquery-3.1.1.min.js | code.jquery.com/ | 85 KB / 30 KB | Script, application/javascript |

Reading the table: the two local script copies under WeTransfer_files/ (jquery.min.js.download and bootstrap.min.js.download, the latter requested twice) come back as 0-byte text/html rather than JavaScript, so they appear to be missing on the server. The WeTransfer_files/ directory and the .download suffix are the naming a browser's "Save page, complete" produces, which indicates the kit was built from a saved copy of a WeTransfer page. Working jQuery is loaded from code.jquery.com instead, and the WeTransfer wordmark image is hotlinked from blog.thunderbird.net, a host unrelated to the brand. The 404 KB data: URI stylesheet is the page's inlined styling; its body is truncated in the report.
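Triage of a transaction list like the one above can be scripted. The following is an added example, not part of the urlscan report and not urlscan tooling: the seven records are transcribed from the table above with sizes converted to bytes, the rules, the rule names and the 100 KB threshold are this example's own assumptions, and the data: URI body is a placeholder for the truncated one.

```javascript
// Added example (not from the urlscan report): triage heuristics over a
// urlscan-style HTTP transaction list. Records are transcribed from the scan;
// the rules and thresholds are assumptions of this example.
const PAGE_HOST = "mithanisak.buyanzul.repl.co";
const KB = 1024;
const TRANSACTIONS = [
  { type: "Document",   mime: "text/html",              size: 905 * KB, xfer: 905 * KB,
    url: "https://mithanisak.buyanzul.repl.co/mitha.html" },
  { type: "Script",     mime: "text/html",              size: 0, xfer: 0,
    url: "https://mithanisak.buyanzul.repl.co/WeTransfer_files/jquery.min.js.download" },
  { type: "Script",     mime: "text/html",              size: 0, xfer: 0,
    url: "https://mithanisak.buyanzul.repl.co/WeTransfer_files/bootstrap.min.js.download" },
  { type: "Stylesheet", mime: "text/css",               size: 404 * KB, xfer: 0,
    url: "data:text/css;base64,..." },      // placeholder: body truncated in the report
  { type: "Image",      mime: "image/png",              size: 4 * KB, xfer: 4 * KB,
    url: "https://blog.thunderbird.net/files/2019/05/wetransfer-workmark-website.png" },
  { type: "Script",     mime: "text/html",              size: 0, xfer: 0,
    url: "https://mithanisak.buyanzul.repl.co/WeTransfer_files/bootstrap.min.js.download" },
  { type: "Script",     mime: "application/javascript", size: 85 * KB, xfer: 30 * KB,
    url: "https://code.jquery.com/jquery-3.1.1.min.js" },
];

// What the browser asked for (resource type) versus what the server said it sent.
const EXPECTED_MIME = {
  Document:   /html/i,
  Script:     /javascript|ecmascript/i,
  Stylesheet: /css/i,
  Image:      /^image\//i,
};

function hostOf(url) {
  if (url.startsWith("data:")) return null;
  try { return new URL(url).hostname; } catch { return null; }
}

// Returns one finding per (transaction, rule) hit. Rules are deliberately
// simple signals for an analyst, not a verdict.
function triage(transactions, pageHost) {
  const findings = [];
  const flag = (t, rule, detail) => findings.push({ rule, url: t.url, detail });
  for (const t of transactions) {
    const host = hostOf(t.url);
    const want = EXPECTED_MIME[t.type];
    // A script answered with text/html is usually a 404/error page or a missing file.
    if (want && !want.test(t.mime)) flag(t, "mime-mismatch", `${t.type} served as ${t.mime}`);
    if (t.type === "Script" && t.size === 0) flag(t, "empty-script", "0-byte script body");
    // "<title>_files/" directories and ".download" suffixes are browser "save complete" naming.
    if (/_files\//.test(t.url) || /\.download(\?|$)/.test(t.url)) {
      flag(t, "saved-page-artifact", "browser save-complete naming");
    }
    // Weak on its own (CDNs are normal); here it catches the brand wordmark
    // fetched from a host unrelated to both the page and the brand.
    if (t.type === "Image" && host && host !== pageHost) flag(t, "cross-origin-image", `loaded from ${host}`);
    // Large inline resources are where cloned pages often carry their styling/images.
    if (t.url.startsWith("data:") && t.size > 100 * KB) {
      flag(t, "large-data-uri", `${Math.round(t.size / KB)} KB inline`);
    }
  }
  return findings;
}

function countByRule(findings) {
  const counts = {};
  for (const f of findings) counts[f.rule] = (counts[f.rule] || 0) + 1;
  return counts;
}

// Usage: summarise the findings per rule.
countByRule(triage(TRANSACTIONS, PAGE_HOST));
```

Each rule here corresponds to one observation made in the prose above; running the same rules over every scan of a campaign gives you a consistent way to spot saved-page clones and hotlinked brand assets without reading each table by hand.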
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: WeTransfer (Online)

22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| object | _preloaded_transfer_ |
| function | validateForm |
| undefined | ctx |
| undefined | al |
| undefined | start |
| undefined | cw |
| undefined | ch |
| undefined | diff |
| undefined | sim |
| function | progressSim |
| function | triggerError |
| function | closeModal |
| function | reset |
| object | Wallpapers |
| function | $ |
| function | jQuery |
| function | true_email0 |

Of these, showDirectoryPicker, showOpenFilePicker, showSaveFilePicker (File System Access API) and trustedTypes are supplied by the scanning browser rather than by the page, and $ and jQuery come from jquery-3.1.1.min.js loaded from code.jquery.com. The remaining names are defined by the page's own script; validateForm, progressSim, triggerError, closeModal and true_email0 together suggest a scripted fake-transfer flow (validate a form, simulate progress, show an error) rather than WeTransfer's real application code.

Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, allowing the site to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- blog.thunderbird.net
- code.jquery.com
- mithanisak.buyanzul.repl.co
- u3880067.ct.sendgrid.net

IP addresses:
- 167.89.115.121
- 2001:4de0:ac19::1:b:3b
- 35.197.18.156
- 35.201.120.147

SHA256 hashes:
- 3160bc803c3c034673d9ff66930650336f757725bff92922988f5ac4ce92af63
- 33068b31229eafcb20e2d8679d02ac8697f0b74fc659648591ceed3711a66bbf
- 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
- d427514a08d01168a2d132a8cc9ae70ec0a4e95f8e4f905fa50e2a70b34ef575