web.mail-mann.name.ng
92.38.163.136
Malicious Activity!
Public Scan
Submission: On October 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 13th 2021. Valid for: 3 months.
This is the only time web.mail-mann.name.ng was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Säästöpankki (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
5 | 92.38.163.136 | 199524 (GCORE)
4 | 185.251.48.79 | 28883 (SAMLINK-AS)
7 (4 redirects) | 37.157.6.245 | 198622 (ADFORM)
1 | 37.157.6.235 | 198622 (ADFORM)
3 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK)
3 | 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK)

19 requests, 6 IP addresses
ASN199524 (GCORE, LU)
PTR: kingclaudia87.example.com
web.mail-mann.name.ng

ASN32934 (FACEBOOK, US)
connect.facebook.net

ASN32934 (FACEBOOK, US)
www.facebook.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 (4 redirects) | adform.net | track.adform.net, s2.adform.net | 32 KB
5 | mail-mann.name.ng | web.mail-mann.name.ng | 48 KB
4 | saastopankki.fi | www4.saastopankki.fi | 525 KB
3 | facebook.com | www.facebook.com | 561 B
3 | facebook.net | connect.facebook.net | 237 KB

19 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
7 (4 redirects) | track.adform.net | web.mail-mann.name.ng
5 | web.mail-mann.name.ng | web.mail-mann.name.ng
4 | www4.saastopankki.fi | web.mail-mann.name.ng
3 | www.facebook.com | web.mail-mann.name.ng
3 | connect.facebook.net | web.mail-mann.name.ng, connect.facebook.net
1 | s2.adform.net | web.mail-mann.name.ng

19 requests, 6 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
web.mail-mann.name.ng | R3 | 2021-10-13 - 2022-01-11 | 3 months | crt.sh
www4.saastopankki.fi | DigiCert SHA2 Extended Validation Server CA | 2021-04-30 - 2022-05-20 | a year | crt.sh
track.adform.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-06 - 2022-10-07 | a year | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-07-23 - 2021-10-21 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://web.mail-mann.name.ng/secure/
Frame ID: FBBCE7093863C8142DDC3E33A5593CAB
Requests: 19 HTTP requests in this frame
Page Title: Säästöpankki
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <style>\s+/\*!\s+\* Bootstrap v(\d\.\d\.\d)
Facebook (Widgets)
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6
- https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
- https://s2.adform.net/banners/scripts/st/trackpoint-async.js
- https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
- https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
- https://track.adform.net/Serving/TrackPoint/?pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
- https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
- https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
- https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
19 HTTP transactions

Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type
---|---|---|---
GET H/1.1 | / (Primary Request) web.mail-mann.name.ng/secure/ | 285 KB / 48 KB | Document text/html
GET H/1.1 | image www4.saastopankki.fi/pankki/cms/ | 14 KB / 15 KB | Image image/png
GET H/1.1 | image www4.saastopankki.fi/pankki/cms/ | 113 KB / 115 KB | Image image/jpeg
GET H/1.1 | image www4.saastopankki.fi/pankki/cms/ | 181 KB / 183 KB | Image image/jpeg
GET H/1.1 | sp_sininen_tausta.png www4.saastopankki.fi/pankki/assets/sp/img/ | 211 KB / 212 KB | Image image/png
GET H/1.1 | DINWeb.woff web.mail-mann.name.ng/netbank/font/dino/ | 0 / 0 | Font text/html
GET H/1.1 | DINWeb-Bold.woff web.mail-mann.name.ng/netbank/font/dino/ | 0 / 0 | Font text/html
GET H2 | trackpoint-async.js s2.adform.net/banners/scripts/st/ (Redirect Chain) | 79 KB / 28 KB | Script application/x-javascript
GET H2 | fbevents.js connect.facebook.net/en_US/ | 98 KB / 26 KB | Script application/x-javascript
GET H/1.1 | DINWeb.ttf web.mail-mann.name.ng/netbank/font/dino/ | 0 / 0 | Font text/html
GET H/1.1 | DINWeb-Bold.ttf web.mail-mann.name.ng/netbank/font/dino/ | 0 / 0 | Font text/html
GET H2 | 1764267177124905 connect.facebook.net/signals/config/ | 489 KB / 143 KB | Script application/x-javascript
GET H2 | 137264003492099 connect.facebook.net/signals/config/ | 223 KB / 67 KB | Script application/x-javascript
GET H2 | / www.facebook.com/tr/ | 44 B / 313 B | Image image/gif
GET H2 | / track.adform.net/Serving/TrackPoint/ (Redirect Chain) | 130 B / 608 B | Script text/javascript
GET H2 | / track.adform.net/Serving/TrackPoint/ (Redirect Chain) | 130 B / 607 B | Script text/javascript
GET H2 | / track.adform.net/Serving/TrackPoint/ (Redirect Chain) | 144 B / 617 B | Script text/javascript
GET H2 | / www.facebook.com/tr/ | 44 B / 101 B | Image image/gif
GET H2 | / www.facebook.com/tr/ | 44 B / 147 B | Image image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Säästöpankki (Banking)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Variable
---|---
object | onbeforexrselect
boolean | originAgentCluster
object | _adftrack
function | fbq
function | _fbq
object | regeneratorRuntime
object | JSON3
object | Adform
object | KJUR
object | adf5

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
www4.saastopankki.fi/pankki | | Name: lbsession Value: !iiu8xlqkY+jEY1OZIKMTSSLmWrpfjicy9Ylkyu8U8njaTRm5wiaN+CSQDryK3aAMdoQESb4sn3NtH8k=
.mail-mann.name.ng/ | | Name: _fbp Value: fb.2.1634131677354.94805420
.www4.saastopankki.fi/ | | Name: smlsession Value: e7a795d44247e2c1f4c82165b1cb7a80
.adform.net/ | | Name: C Value: 1
.adform.net/ | | Name: uid Value: 2713578332385415241
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.