mithanisak.buyanzul.repl.co

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 6 HTTP transactions. The main IP is 35.201.120.147, located in Ascension Island and belongs to GOOGLE, US. The main domain is mithanisak.buyanzul.repl.co.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2020. Valid for: 3 months.

This is the only time mithanisak.buyanzul.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.121 167.89.115.121	11377 (SENDGRID) (SENDGRID)
4	35.201.120.147 35.201.120.147	15169 (GOOGLE) (GOOGLE)
1	35.197.18.156 35.197.18.156	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
6	4

1 167.89.115.121 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x121.outbound-mail.sendgrid.net

u3880067.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.120.147 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 147.120.201.35.bc.googleusercontent.com

mithanisak.buyanzul.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.197.18.156 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 156.18.197.35.bc.googleusercontent.com

blog.thunderbird.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	repl.co mithanisak.buyanzul.repl.co	905 KB
1	jquery.com code.jquery.com	30 KB
1	thunderbird.net blog.thunderbird.net	4 KB
1	sendgrid.net 1 redirects u3880067.ct.sendgrid.net	322 B
6	4

	Domain	Requested by
4	mithanisak.buyanzul.repl.co	mithanisak.buyanzul.repl.co
1	code.jquery.com	mithanisak.buyanzul.repl.co
1	blog.thunderbird.net	mithanisak.buyanzul.repl.co
1	u3880067.ct.sendgrid.net	1 redirects
6	4

This site contains links to these domains. Also see Links.

Domain
wetransfer.zendesk.com
wetransfer.com

Subject Issuer	Validity	Valid
buyanzul.repl.co Let's Encrypt Authority X3	`2020-10-26` - `2021-01-24`	3 months	crt.sh
blog.thunderbird.net Let's Encrypt Authority X3	`2020-10-12` - `2021-01-10`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4
Frame ID: 5AB14F98E65A5F0104AEF5B9FB284010
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u3880067.ct.sendgrid.net/ls/click?upn=kLVquQ5gBWr4N0s0Mi-2FvbGKr1tBfMukQTwe4K2iD91bpLtBdXdNOXAAoxjdI-... HTTP 302
https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Page URL

Page Statistics

6
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

939 kB
Transfer

1397 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://wetransfer.zendesk.com/
Title: help center

Search URL Search Domain Scan URL

URL: https://wetransfer.com/help
Title: Help

Search URL Search Domain Scan URL

URL: https://wetransfer.com/about
Title: About

Search URL Search Domain Scan URL

URL: https://wetransfer.com/products
Title: Products

Search URL Search Domain Scan URL

URL: https://wetransfer.com/plus?trk=WT201610_AboutPlus
Title: Plus

Search URL Search Domain Scan URL

URL: https://wetransfer.com/advertise
Title: Advertise

Search URL Search Domain Scan URL

URL: https://wetransfer.com/sign-in
Title: Got Plus?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u3880067.ct.sendgrid.net/ls/click?upn=kLVquQ5gBWr4N0s0Mi-2FvbGKr1tBfMukQTwe4K2iD91bpLtBdXdNOXAAoxjdI-2BxS27iSiaNesL3Dg1nd36M-2FViXwa3hZWm8RaODPFmJPKyKObZtXhrYGGYFS0RJPc4iB3RUWIgfYQfG-2FwpM-2BJkFGsM29onGg5hFbkne3lc1tqrhk-3DhFkt_LzJDHOEKh7tCJD3pWDUNIdBfLvcI8EaCLUP7cnIyVq8iuAvn93IvtpndM8Uv-2BzXBadHTN1nldbK8-2BM95R1L8YU8XFhc2oYkT6hdkf70X033miIhnyZvOrYm8cK7tUt12376k1NBa95yslKi-2BAtZ6-2BXpKtrLQ9UMjcJHidG7GrfCS64fPre7Hk0DK-2F3DDLPYHKxpeLH-2BBwTR-2Fpga1yL0o4JySJ-2BewiezhI3DcGmYLSGo-3D HTTP 302
https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request mitha.html Show response mithanisak.buyanzul.repl.co/ Redirect Chain https://u3880067.ct.sendgrid.net/ls/click?upn=kLVquQ5gBWr4N0s0Mi-2FvbGKr1tBfMukQTwe4K2iD91bpLtBdXdNOXAAoxjdI-2BxS27iSiaNesL3Dg1nd36M-2FViXwa3hZWm8RaODPFmJPKyKObZtXhrYGGYFS0RJPc4iB3RUWIgfYQfG-2FwpM-... https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4	905 KB 905 KB	386ms 200ms	Document text/html	35.201.120.147 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US), Reverse DNS 147.120.201.35.bc.googleusercontent.com Software / Resource Hash `3160bc803c3c034673d9ff66930650336f757725bff92922988f5ac4ce92af63` Request headers :method GET :authority mithanisak.buyanzul.repl.co :scheme https :path /mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 access-control-allow-origin * content-type text/html; charset=utf-8 expect-ct max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791" content-length 926373 date Tue, 27 Oct 2020 21:09:13 GMT Redirect headers Server nginx Date Tue, 27 Oct 2020 21:09:12 GMT Content-Type text/html; charset=utf-8 Content-Length 141 Connection keep-alive Location https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4#sgardiner@markanthony.com X-Robots-Tag noindex, nofollow
GET H2	404	jquery.min.js.download mithanisak.buyanzul.repl.co/WeTransfer_files/	0 0	202ms 202ms	Script text/html	35.201.120.147 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://mithanisak.buyanzul.repl.co/WeTransfer_files/jquery.min.js.download Requested by Host: mithanisak.buyanzul.repl.co URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US), Reverse DNS 147.120.201.35.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 404 date Tue, 27 Oct 2020 21:09:13 GMT expect-ct max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791" content-type text/html; charset=utf-8
GET H2	404	bootstrap.min.js.download mithanisak.buyanzul.repl.co/WeTransfer_files/	0 0	189ms 189ms	Script text/html	35.201.120.147 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://mithanisak.buyanzul.repl.co/WeTransfer_files/bootstrap.min.js.download Requested by Host: mithanisak.buyanzul.repl.co URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US), Reverse DNS 147.120.201.35.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 404 date Tue, 27 Oct 2020 21:09:13 GMT expect-ct max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791" content-type text/html; charset=utf-8
GET DATA	200 OK	truncated /	404 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d427514a08d01168a2d132a8cc9ae70ec0a4e95f8e4f905fa50e2a70b34ef575` Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/css
GET H2	200	wetransfer-workmark-website.png blog.thunderbird.net/files/2019/05/	4 KB 4 KB	647ms 307ms	Image image/png	35.197.18.156 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://blog.thunderbird.net/files/2019/05/wetransfer-workmark-website.png Requested by Host: mithanisak.buyanzul.repl.co URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.197.18.156 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS 156.18.197.35.bc.googleusercontent.com Software nginx / Resource Hash `33068b31229eafcb20e2d8679d02ac8697f0b74fc659648591ceed3711a66bbf` Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 27 Oct 2020 21:09:13 GMT last-modified Tue, 07 May 2019 16:12:15 GMT server nginx status 200 etag "5cd1ae5f-1103" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 4355
GET H2	404	bootstrap.min.js.download mithanisak.buyanzul.repl.co/WeTransfer_files/	0 0	176ms 175ms	Script text/html	35.201.120.147 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://mithanisak.buyanzul.repl.co/WeTransfer_files/bootstrap.min.js.download Requested by Host: mithanisak.buyanzul.repl.co URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.120.147 , Ascension Island, ASN15169 (GOOGLE, US), Reverse DNS 147.120.201.35.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 404 date Tue, 27 Oct 2020 21:09:13 GMT expect-ct max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791" content-type text/html; charset=utf-8
GET H2	200	jquery-3.1.1.min.js Show response code.jquery.com/	85 KB 30 KB	3203ms 11ms	Script application/javascript	2001:4de0:ac19::1:b:3b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.1.1.min.js Requested by Host: mithanisak.buyanzul.repl.co URL: https://mithanisak.buyanzul.repl.co/mitha.html?44e3c91f3c0fce3af1010c3170601100244/7a07e2ec4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf` Request headers Referer https://mithanisak.buyanzul.repl.co/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 27 Oct 2020 21:09:17 GMT content-encoding gzip last-modified Thu, 22 Sep 2016 22:32:34 GMT server nginx status 200 etag W/"57e45c02-152b5" vary Accept-Encoding x-hw 1603832957.dop148.fr8.t,1603832957.cds277.fr8.hc,1603832957.cds012.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30070

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.thunderbird.net
code.jquery.com
mithanisak.buyanzul.repl.co
u3880067.ct.sendgrid.net
167.89.115.121
2001:4de0:ac19::1:b:3b
35.197.18.156
35.201.120.147
3160bc803c3c034673d9ff66930650336f757725bff92922988f5ac4ce92af63
33068b31229eafcb20e2d8679d02ac8697f0b74fc659648591ceed3711a66bbf
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
d427514a08d01168a2d132a8cc9ae70ec0a4e95f8e4f905fa50e2a70b34ef575

mithanisak.buyanzul.repl.co Open in urlscan Pro 35.201.120.147 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

939 kBTransfer

1397 kBSize

0 Cookies

7 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

mithanisak.buyanzul.repl.co Open in urlscan Pro
35.201.120.147 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

939 kB
Transfer

1397 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!