mapansales.mapangroup.com Open in urlscan Pro
217.21.72.220  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request otp.php Show response mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/	5 KB 2 KB	80ms 75ms	Document text/html	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/otp.php Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash d40b35a6478f826b5f6d722f315783251ae01ef0586fcbe2d2a6098139d16837 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 1399 content-type text/html; charset=UTF-8 date Thu, 08 Jun 2023 03:30:17 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding,User-Agent x-content-type-options nosniff x-powered-by Niagahoster x-xss-protection 1; mode=block
GET H/1.1	200 OK	StyleIPhoneExistingTerminal.css mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/	16 KB 4 KB	10ms 9ms	Stylesheet text/css	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/otp.php Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash 1b6c35a9f06ad24d8db420d664d6ba26ad3b95f626091c7e504baa45839ef3de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/otp.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:17 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload x-powered-by Niagahoster Connection Keep-Alive content-length 3785 x-xss-protection 1; mode=block last-modified Thu, 26 Jan 2023 14:15:33 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes Keep-Alive timeout=5, max=100 expires Thu, 15 Jun 2023 03:30:17 GMT
GET H2	200	netsTechnlogy_New.png epayment.nets.eu/terminal/Images/Mobile/	12 KB 12 KB	690ms 343ms	Image image/png	137.117.170.23 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://epayment.nets.eu/terminal/Images/Mobile/netsTechnlogy_New.png Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/otp.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.117.170.23 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 3fab35f5fdcc997537fea0236e0acc6dc55d066b6da582dbbd587b817d93733f Security Headers Name Value Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://csfe.bankid.no https://csfe-preprod.bankid.no https://localhost:44399 Strict-Transport-Security max-age=7776000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:18 GMT content-security-policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://csfe.bankid.no https://csfe-preprod.bankid.no https://localhost:44399 referrer-policy origin-when-cross-origin strict-transport-security max-age=7776000 last-modified Tue, 06 Jun 2023 08:17:36 GMT x-content-type-options nosniff etag "010c4594f98d91:0" content-type image/png accept-ranges bytes x-robots-tag noindex content-length 11965 x-xss-protection 1; mode=block
GET H/1.1	200 OK	pinstripes.png mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/	117 B 625 B	36ms 36ms	Image image/png	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/pinstripes.png Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash f7b1d9b7874c2d61cde2043a51acb7ac1a179471fd84152eafe7daa425d2e94f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff last-modified Thu, 26 Jan 2023 14:16:03 GMT server LiteSpeed x-powered-by Niagahoster vary User-Agent content-type image/png cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 117 x-xss-protection 1; mode=block expires Thu, 15 Jun 2023 03:30:17 GMT
GET H/1.1	200 OK	toolbar.png mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/	168 B 676 B	42ms 38ms	Image image/png	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/toolbar.png Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash 4d5af69cae0f1a439e42e670013d3d0c59a0c1da7a1a5f46ee306f1c21dc5585 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff last-modified Thu, 26 Jan 2023 14:17:40 GMT server LiteSpeed x-powered-by Niagahoster vary User-Agent content-type image/png cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 168 x-xss-protection 1; mode=block expires Thu, 15 Jun 2023 03:30:17 GMT
GET H/1.1	200 OK	backButton.png mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/	783 B 1 KB	45ms 42ms	Image image/png	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/backButton.png Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash 11a3cd8750243a969866727e190836c34d28eb5caadfaa695301017a0cea9336 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff last-modified Thu, 26 Jan 2023 14:17:54 GMT server LiteSpeed x-powered-by Niagahoster vary User-Agent content-type image/png cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 783 x-xss-protection 1; mode=block expires Thu, 15 Jun 2023 03:30:17 GMT
GET H/1.1	200 OK	greenButton.png mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/	2 KB 2 KB	13ms 9ms	Image image/png	217.21.72.220 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/Images/greenButton.png Requested by Host: mapansales.mapangroup.com URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css Protocol HTTP/1.1 Server 217.21.72.220 , Singapore, ASN47583 (AS-HOSTINGER, CY), Reverse DNS srv152.niagahoster.com Software LiteSpeed / Niagahoster Resource Hash e4c4c3ce81202eeeb53d98d87a9d9bceaacf54216404a8835009fde7718005fc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language zh-SG,zh;q=0.9 Referer http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/css/StyleIPhoneExistingTerminal.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 03:30:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff last-modified Thu, 26 Jan 2023 14:18:40 GMT server LiteSpeed x-powered-by Niagahoster vary User-Agent content-type image/png cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 1935 x-xss-protection 1; mode=block expires Thu, 15 Jun 2023 03:30:17 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mapansales.mapangroup.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hboj3vbhgvfk113q20kqvaqbbl

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: http://mapansales.mapangroup.com/public/loginPage/fonts/iconic/fonts/hodknkgrw/otp.php(Line 3) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

epayment.nets.eu
mapansales.mapangroup.com
137.117.170.23
217.21.72.220
11a3cd8750243a969866727e190836c34d28eb5caadfaa695301017a0cea9336
1b6c35a9f06ad24d8db420d664d6ba26ad3b95f626091c7e504baa45839ef3de
3fab35f5fdcc997537fea0236e0acc6dc55d066b6da582dbbd587b817d93733f
4d5af69cae0f1a439e42e670013d3d0c59a0c1da7a1a5f46ee306f1c21dc5585
d40b35a6478f826b5f6d722f315783251ae01ef0586fcbe2d2a6098139d16837
e4c4c3ce81202eeeb53d98d87a9d9bceaacf54216404a8835009fde7718005fc
f7b1d9b7874c2d61cde2043a51acb7ac1a179471fd84152eafe7daa425d2e94f