icstm-ng.org Open in urlscan Pro
104.203.236.105 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https:/...
Submission Tags: @ipnigh
Submission: On May 22 via api (May 22nd 2020, 1:06:08 am UTC) from GB

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 104.203.236.105, located in Dallas, United States and belongs to ENZUINC-, US. The main domain is icstm-ng.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 14th 2020. Valid for: 3 months.

This is the only time icstm-ng.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mailgun (Online)

Domain & IP information

	IP Address	AS Autonomous System
13	104.203.236.105 104.203.236.105	18978 (ENZUINC-) (ENZUINC-)
1	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
1	52.222.149.118 52.222.149.118	16509 (AMAZON-02) (AMAZON-02)
15	3

13 104.203.236.105 (Dallas, United States)

ASN18978 (ENZUINC-, US)
PTR: wolf.jovehost.com.ng

icstm-ng.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.149.118 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-118.fra53.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	icstm-ng.org icstm-ng.org	1 MB
1	clearbit.com logo.clearbit.com	10 KB
1	googleapis.com ajax.googleapis.com	29 KB
15	3

	Domain	Requested by
13	icstm-ng.org	icstm-ng.org
1	logo.clearbit.com	icstm-ng.org
1	ajax.googleapis.com	icstm-ng.org
15	3

This site contains links to these domains. Also see Links.

Domain
www.naver.com

Subject Issuer	Validity	Valid
icstm-ng.org cPanel, Inc. Certification Authority	`2020-05-14` - `2020-08-12`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
clearbit.com Amazon	`2020-05-20` - `2021-06-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
Frame ID: 11740FEDB9E124EE60E63B3588408128
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1305 kB
Transfer

1748 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.naver.com/
Title: www.naver.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/ 8 KB
2 KB 5324ms
4551ms Document
text/html 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

d117817ebba3bf21551e5202f4652e1d47d022043ff8d512d212e934efc6c6ea

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: icstm-ng.org
:scheme: https
:path: /wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 22 May 2020 01:05:31 GMT
server: Apache
vary: Accept-Encoding
content-encoding: br
x-xss-protection: 1; mode=block
content-length: 1956
content-type: text/html; charset=UTF-8

GET
H2 200 api.css
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/ 2 KB
603 B 132ms
131ms Stylesheet
text/css 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/api.css

Requested by

Host: icstm-ng.org
URL: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

63a602d76f364623cb6477ff9237f60df0bd2c5948658207974864c1c2275793

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public
accept-ranges: bytes
content-length: 568
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 200 config.js Show response
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/ 43 B
172 B 131ms
130ms Script
application/javascript 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/config.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

e530ef443c682ca02cab15d939402ead8c7c060fcf676164efd4078508e510e6

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public
accept-ranges: bytes
content-length: 41
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 200 style.css
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/ 46 KB
8 KB 134ms
133ms Stylesheet
text/css 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/style.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

b40eea5338ffb4de44b8ced4bb257cf7ca0296537f8ce4772323c38c961eea80

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public
accept-ranges: bytes
content-length: 8368
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 200 pikaday.css
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/ 3 KB
1 KB 131ms
131ms Stylesheet
text/css 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/pikaday.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

0bf6bc6e7e66c9cfacaf824c257a091e908f00a134213c5c433e024729eddb3a

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public
accept-ranges: bytes
content-length: 1234
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
29 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 19 May 2020 14:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212710
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 14:00:25 GMT

GET
H2 200 mailgun.com
logo.clearbit.com/ 10 KB
10 KB 83ms
27ms Image
image/png 52.222.149.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logo.clearbit.com/mailgun.com
Requested by: Host: icstm-ng.org
URL: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-118.fra53.r.cloudfront.net
Software: envoy /
Resource Hash: 8b323a5fa66c69064f04bfaba00b9bb443ee3996d9590fee4e7cdbcd063c1f57

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 20:12:58 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
server: envoy
age: 1054357
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53
x-amz-cf-id: nF9BhIh7JyCXpwJArVyJ9UhOYAvrWjMZw26kwodC5WjqP0wwohf-zg==

GET
H2 200 information.png
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/icons/ 2 KB
2 KB 124ms
123ms Image
image/png 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/icons/information.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

672d27ddb45d37f5f0439d89d736bada062e9385c0f89042769996650edac194

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
content-type: image/png
status: 200
cache-control: max-age=3600, public
accept-ranges: bytes
content-length: 1550
x-xss-protection: 1; mode=block

GET
H2 200 framework.min.js Show response
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/ 33 KB
9 KB 138ms
138ms Script
application/javascript 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/framework.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

687c54662b84844c54be2a5a39421290e7ccc05bc8298983d304f28af7e11083

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public
accept-ranges: bytes
content-length: 9506
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 200 bundle.min.js Show response
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/ 402 KB
93 KB 352ms
352ms Script
application/javascript 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/bundle.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

43c812e91778bed6e73a73a0fde5fda61b793930ada817126abc015587f53a50

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public
accept-ranges: bytes
content-length: 94738
x-xss-protection: 1; mode=block
expires: Sat, 24 Jan 2015 16:00:00 GMT

GET
H2 404 icons.svg
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/icons/ 0
0 341ms
341ms Other
text/html 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/icons/icons.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, must-revalidate, max-age=0
link: <https://icstm-ng.org/wp-json/>; rel="https://api.w.org/"
content-length: 5207
x-xss-protection: 1; mode=block
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 background.jpg
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/ 1013 KB
1019 KB 126ms
125ms Image
image/jpeg 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/images/background.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

7245d9fa1bfc1cabea3545d42b4333bec825f868a4f758cb66a02a0901dd12a9

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 1037184
x-xss-protection: 1; mode=block

GET
H2 200 Roboto-Regular.woff2
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/fonts/ 62 KB
62 KB 452ms
452ms Font
font/woff2 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/fonts/Roboto-Regular.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

65de8a3e5c4e0307b538ebe97df4dbcae0303b7a7afc5753aba95c218ae33a8e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/style.css
Origin: https://icstm-ng.org

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: font/woff2
status: 200
accept-ranges: bytes
content-length: 63160
x-xss-protection: 1; mode=block

GET
H2 200 Roboto-Medium.woff2
icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/fonts/ 62 KB
63 KB 442ms
442ms Font
font/woff2 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/fonts/Roboto-Medium.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

2fea2f2aa913b7aa163f45c897a463ba47a00fba670f747ead3d73c44c0d61bd

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/css/style.css
Origin: https://icstm-ng.org

Response headers

date: Fri, 22 May 2020 01:05:35 GMT
content-encoding: br
last-modified: Thu, 21 May 2020 00:04:07 GMT
server: Apache
vary: Accept-Encoding
content-type: font/woff2
status: 200
accept-ranges: bytes
content-length: 63804
x-xss-protection: 1; mode=block

POST
H2 404 / Show response
icstm-ng.org/icewarpapi/ 23 KB
5 KB 191ms
191ms XHR
text/html 104.203.236.105
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

https://icstm-ng.org/icewarpapi/

Requested by

Host: icstm-ng.org
URL: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/js/framework.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.203.236.105 Dallas, United States, ASN18978 (ENZUINC-, US),

Reverse DNS

wolf.jovehost.com.ng

Software

Apache /

Resource Hash

7f048a1aa70d16270b8803060ab38de92a91aa6ced754f7bf3eb00288a1cf46d

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icstm-ng.org/wp-includes/images/smilies/genWeb/webmail/?client_id=C3VMUXJ9gwQH4ntAlGo0jv&redirect_uri=https://www.naver.com/&protectedtoken=true&id=&Country=KR&x=dGVzdEBuYXZlci5jb20=&i=others
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 22 May 2020 01:05:36 GMT
content-encoding: br
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, must-revalidate, max-age=0
link: <https://icstm-ng.org/wp-json/>; rel="https://api.w.org/"
content-length: 5207
x-xss-protection: 1; mode=block
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mailgun (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
icstm-ng.org
logo.clearbit.com
104.203.236.105
2a00:1450:4001:818::200a
52.222.149.118
0bf6bc6e7e66c9cfacaf824c257a091e908f00a134213c5c433e024729eddb3a
2fea2f2aa913b7aa163f45c897a463ba47a00fba670f747ead3d73c44c0d61bd
43c812e91778bed6e73a73a0fde5fda61b793930ada817126abc015587f53a50
63a602d76f364623cb6477ff9237f60df0bd2c5948658207974864c1c2275793
65de8a3e5c4e0307b538ebe97df4dbcae0303b7a7afc5753aba95c218ae33a8e
672d27ddb45d37f5f0439d89d736bada062e9385c0f89042769996650edac194
687c54662b84844c54be2a5a39421290e7ccc05bc8298983d304f28af7e11083
7245d9fa1bfc1cabea3545d42b4333bec825f868a4f758cb66a02a0901dd12a9
7f048a1aa70d16270b8803060ab38de92a91aa6ced754f7bf3eb00288a1cf46d
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8b323a5fa66c69064f04bfaba00b9bb443ee3996d9590fee4e7cdbcd063c1f57
b40eea5338ffb4de44b8ced4bb257cf7ca0296537f8ce4772323c38c961eea80
d117817ebba3bf21551e5202f4652e1d47d022043ff8d512d212e934efc6c6ea
e530ef443c682ca02cab15d939402ead8c7c060fcf676164efd4078508e510e6

icstm-ng.org Open in urlscan Pro 104.203.236.105 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1305 kBTransfer

1748 kBSize

0 Cookies

1 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

icstm-ng.org Open in urlscan Pro
104.203.236.105 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1305 kB
Transfer

1748 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!