ngmail.ctnm.de Open in urlscan Pro
212.72.173.252 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ngmail.ctnm.de/
Effective URL:
http://ngmail.ctnm.de/src/login.php
Submission Tags: phishingcatcher certstream Search All
Submission: On July 10 via api (July 10th 2020, 7:24:56 pm UTC) from CH

Summary HTTP 5 Redirects Links 1 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 212.72.173.252, located in Hamburg, Germany and belongs to ARTFILES-AS Zirkusweg 1, DE. The main domain is ngmail.ctnm.de.

This is the only time ngmail.ctnm.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 6	212.72.173.252 212.72.173.252		8893 (ARTFILES-...) (ARTFILES-AS Zirkusweg 1)
5	1

6 212.72.173.252 (Hamburg, Germany) 1 redirects

ASN8893 (ARTFILES-AS Zirkusweg 1, DE)
PTR: ngmail.ctnm.de

ngmail.ctnm.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ctnm.de 1 redirects ngmail.ctnm.de	59 KB
5	1

	Domain	Requested by
6	ngmail.ctnm.de	1 redirects ngmail.ctnm.de
5	1

This site contains links to these domains. Also see Links.

Domain
www.ctnm.de

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://ngmail.ctnm.de/src/login.php
Frame ID: 4CFC69A2E9258DE1604E8DFD70717A5C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ngmail.ctnm.de/ HTTP 302
http://ngmail.ctnm.de/src/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

mod_ssl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
headers server /mod_ssl(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

59 kB
Transfer

57 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.ctnm.de/
Title: Powered by CTNM

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ngmail.ctnm.de/ HTTP 302
http://ngmail.ctnm.de/src/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set login.php Show response ngmail.ctnm.de/src/ Redirect Chain http://ngmail.ctnm.de/ http://ngmail.ctnm.de/src/login.php	3 KB 4 KB	43ms 43ms	Document text/html	212.72.173.252 ARTFILES-AS Zirku...
General Check archive.org Show headers Download Go to Full URL http://ngmail.ctnm.de/src/login.php Protocol HTTP/1.1 Server 212.72.173.252 Hamburg, Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE), Reverse DNS ngmail.ctnm.de Software Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e / PHP/5.2.6 Resource Hash `6c8ece0b457393c6d07d0a7ce2db4586f1d9377468643dcdf6a14c7cd94f026c` Request headers Host ngmail.ctnm.de Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 10 Jul 2020 19:24:40 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e X-Powered-By PHP/5.2.6 Set-Cookie SQMSESSID=jilrbjrouumu0etfsjg9aelno0; path=/ SQMSESSID=uqdub18ufm7dqntjn7k4o4boi7; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Keep-Alive timeout=15, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1 Redirect headers Date Fri, 10 Jul 2020 19:24:40 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e X-Powered-By PHP/5.2.6 Location src/login.php Keep-Alive timeout=15, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	XP_Silver.css ngmail.ctnm.de/themes/css/	16 KB 16 KB	29ms 28ms	Stylesheet text/css	212.72.173.252 ARTFILES-AS Zirku...
General Check archive.org Show headers Download Go to Full URL http://ngmail.ctnm.de/themes/css/XP_Silver.css Requested by Host: ngmail.ctnm.de URL: http://ngmail.ctnm.de/src/login.php Protocol HTTP/1.1 Server 212.72.173.252 Hamburg, Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE), Reverse DNS ngmail.ctnm.de Software Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e / Resource Hash `0febb5208a8010cd59f29d52952494298a3a6f181f7f5d472b718338dbc8710a` Request headers Referer http://ngmail.ctnm.de/src/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 10 Jul 2020 19:24:40 GMT Last-Modified Tue, 08 Jul 2008 12:57:26 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e ETag "32508b4-40a7-48736436" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=98 Content-Length 16551
GET H/1.1	200 OK	jquery.js Show response ngmail.ctnm.de/functions/	27 KB 27 KB	58ms 45ms	Script application/javascript	212.72.173.252 ARTFILES-AS Zirku...
General Check archive.org Show headers Download Go to Full URL http://ngmail.ctnm.de/functions/jquery.js Requested by Host: ngmail.ctnm.de URL: http://ngmail.ctnm.de/src/login.php Protocol HTTP/1.1 Server 212.72.173.252 Hamburg, Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE), Reverse DNS ngmail.ctnm.de Software Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e / Resource Hash `675a68ab60ce5068044d9a49a989dbf7cf5f051eece9f9d8f32faa1e89dc3912` Request headers Referer http://ngmail.ctnm.de/src/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 10 Jul 2020 19:24:40 GMT Last-Modified Mon, 08 Oct 2007 20:40:10 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e ETag "324b403-6a0b-470a95aa" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 27147
GET H/1.1	200 OK	logo-ctnm.png ngmail.ctnm.de/images/	2 KB 2 KB	29ms 28ms	Image image/png	212.72.173.252 ARTFILES-AS Zirku...
General Check archive.org Show headers Download Go to Show image Full URL http://ngmail.ctnm.de/images/logo-ctnm.png Requested by Host: ngmail.ctnm.de URL: http://ngmail.ctnm.de/src/login.php Protocol HTTP/1.1 Server 212.72.173.252 Hamburg, Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE), Reverse DNS ngmail.ctnm.de Software Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e / Resource Hash `0bd110df0c3c4b6ae0fff5d0e5484c60e751fc3cb387088a12ff1f1c311d0d6a` Request headers Referer http://ngmail.ctnm.de/src/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 10 Jul 2020 19:24:40 GMT Last-Modified Mon, 25 Feb 2008 16:18:27 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e ETag "324b0a4-7a4-47c2ea53" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=97 Content-Length 1956
GET H/1.1	200 OK	bg.png ngmail.ctnm.de/skins/XP_Silver/	9 KB 10 KB	29ms 29ms	Image image/png	212.72.173.252 ARTFILES-AS Zirku...
General Check archive.org Show headers Download Go to Show image Full URL http://ngmail.ctnm.de/skins/XP_Silver/bg.png Requested by Host: ngmail.ctnm.de URL: http://ngmail.ctnm.de/src/login.php Protocol HTTP/1.1 Server 212.72.173.252 Hamburg, Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE), Reverse DNS ngmail.ctnm.de Software Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e / Resource Hash `3cc7fd57faaabff66133d3f03ddfc70b81fd2bf9830c3d41c345904ba58f852f` Request headers Referer http://ngmail.ctnm.de/themes/css/XP_Silver.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 10 Jul 2020 19:24:40 GMT Last-Modified Wed, 02 Aug 2006 08:02:00 GMT Server Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8e ETag "3250734-25d2-44d05bf8" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=99 Content-Length 9682

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| alreadyFocused function| squirrelmail_loginpage_onload function| jQuery function| $

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ngmail.ctnm.de/	1969-12-31 23:59:59	Name: SQMSESSID Value: uqdub18ufm7dqntjn7k4o4boi7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ngmail.ctnm.de
212.72.173.252
0bd110df0c3c4b6ae0fff5d0e5484c60e751fc3cb387088a12ff1f1c311d0d6a
0febb5208a8010cd59f29d52952494298a3a6f181f7f5d472b718338dbc8710a
3cc7fd57faaabff66133d3f03ddfc70b81fd2bf9830c3d41c345904ba58f852f
675a68ab60ce5068044d9a49a989dbf7cf5f051eece9f9d8f32faa1e89dc3912
6c8ece0b457393c6d07d0a7ce2db4586f1d9377468643dcdf6a14c7cd94f026c