web.mail-mann.name.ng Open in urlscan Pro
92.38.163.136  Malicious Activity! Public Scan

URL: https://web.mail-mann.name.ng/secure/
Submission: On October 13 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 92.38.163.136, located in Luxembourg, Luxembourg and belongs to GCORE, LU. The main domain is web.mail-mann.name.ng.
TLS certificate: Issued by R3 on October 13th 2021. Valid for: 3 months.
This is the only time web.mail-mann.name.ng was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Säästöpankki (Banking)

Domain & IP information

IP Address AS Autonomous System
5 92.38.163.136 199524 (GCORE)
4 185.251.48.79 28883 (SAMLINK-AS)
4 7 37.157.6.245 198622 (ADFORM)
1 37.157.6.235 198622 (ADFORM)
3 2a03:2880:f01... 32934 (FACEBOOK)
3 2a03:2880:f11... 32934 (FACEBOOK)
19 6
Domain Requested by
7 track.adform.net 4 redirects web.mail-mann.name.ng
5 web.mail-mann.name.ng web.mail-mann.name.ng
4 www4.saastopankki.fi web.mail-mann.name.ng
3 www.facebook.com web.mail-mann.name.ng
3 connect.facebook.net web.mail-mann.name.ng
connect.facebook.net
1 s2.adform.net web.mail-mann.name.ng
19 6

This site contains no links.

Subject Issuer Validity Valid
web.mail-mann.name.ng
R3
2021-10-13 -
2022-01-11
3 months crt.sh
www4.saastopankki.fi
DigiCert SHA2 Extended Validation Server CA
2021-04-30 -
2022-05-20
a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-07-23 -
2021-10-21
3 months crt.sh

This page contains 1 frames:

Primary Page: https://web.mail-mann.name.ng/secure/
Frame ID: FBBCE7093863C8142DDC3E33A5593CAB
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Säästöpankki

Detected technologies

Overall confidence: 100%
Detected patterns
  • <style>\s+/\*!\s+\* Bootstrap v(\d\.\d\.\d)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

841 kB
Transfer

1695 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Request Chain 13
  • https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
Request Chain 14
  • https://track.adform.net/Serving/TrackPoint/?pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
Request Chain 15
  • https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
web.mail-mann.name.ng/secure/
285 KB
48 KB
Document
General
Full URL
https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS
kingclaudia87.example.com
Software
Apache /
Resource Hash
98394ec3d0db54025138e12818356ca3a119cc0c9582f5a50b775f695ba89634

Request headers

Host
web.mail-mann.name.ng
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
Server
Apache
Vary
Accept-Encoding
Content-Encoding
gzip
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
image
www4.saastopankki.fi/pankki/cms/
14 KB
15 KB
Image
General
Full URL
https://www4.saastopankki.fi/pankki/cms/image?uuid=444c17be-356f-4f7b-a201-a88a9d10c4e0&groupId=10475&t=1528786107912
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),
Reverse DNS
Software
/
Resource Hash
84e3fb667af0953e19e5cd538786e7c6fb238717bcec384c9c30601a401a7e80
Security Headers
Name Value
Content-Security-Policy frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy
frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
X-Content-Type-Options
nosniff
Date
Wed, 13 Oct 2021 13:27:57 GMT
X-Frame-Options
DENY
Connection
Keep-Alive
Content-Type
image/png
Cache-Control
max-age=7200, public
Strict-Transport-Security
max-age=31536000;
Keep-Alive
timeout=15, max=94
Content-Length
14024
X-XSS-Protection
1; mode=block
image
www4.saastopankki.fi/pankki/cms/
113 KB
115 KB
Image
General
Full URL
https://www4.saastopankki.fi/pankki/cms/image?t=1592815706119&imagePreview=1&uuid=d8381764-5d9b-9bce-1809-52c7e477b18e&groupId=10475
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),
Reverse DNS
Software
/
Resource Hash
04d2ade1d7b3db8eb904ecb81d2e83727479f68054e7f36e5be7f0fa2951630d
Security Headers
Name Value
Content-Security-Policy frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Connection
Keep-Alive
Content-Type
image/jpeg
Cache-Control
max-age=7200, public
Transfer-Encoding
chunked
Content-Security-Policy
frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security
max-age=31536000;
Keep-Alive
timeout=15, max=56
X-XSS-Protection
1; mode=block
image
www4.saastopankki.fi/pankki/cms/
181 KB
183 KB
Image
General
Full URL
https://www4.saastopankki.fi/pankki/cms/image?t=1559307304000&imagePreview=1&uuid=de8747ff-700e-4b82-b55d-ef3c80860665&groupId=10475
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),
Reverse DNS
Software
/
Resource Hash
37122eb04de0282dc047d1bd62fa33a383a21f44cf45b31c4ed12575f60a539a
Security Headers
Name Value
Content-Security-Policy frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Connection
Keep-Alive
Content-Type
image/jpeg
Cache-Control
max-age=7200, public
Transfer-Encoding
chunked
Content-Security-Policy
frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security
max-age=31536000;
Keep-Alive
timeout=15, max=92
X-XSS-Protection
1; mode=block
sp_sininen_tausta.png
www4.saastopankki.fi/pankki/assets/sp/img/
211 KB
212 KB
Image
General
Full URL
https://www4.saastopankki.fi/pankki/assets/sp/img/sp_sininen_tausta.png
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),
Reverse DNS
Software
/
Resource Hash
abfd8de945b3ccfcb7459ee221441693326558025c8b04ae7f5f42a37d9de0e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Aug 2021 14:29:06 GMT
X-Frame-Options
DENY
Connection
Keep-Alive
Content-Type
image/png
Cache-Control
max-age=63072000, public
Strict-Transport-Security
max-age=31536000;
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=39
Content-Length
215950
X-XSS-Protection
1; mode=block
DINWeb.woff
web.mail-mann.name.ng/netbank/font/dino/
0
0
Font
General
Full URL
https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.woff
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS
kingclaudia87.example.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web.mail-mann.name.ng
Accept-Encoding
gzip, deflate, br
Host
web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web.mail-mann.name.ng/secure/
Connection
keep-alive
Referer
https://web.mail-mann.name.ng/secure/
Origin
https://web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
DINWeb-Bold.woff
web.mail-mann.name.ng/netbank/font/dino/
0
0
Font
General
Full URL
https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.woff
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS
kingclaudia87.example.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web.mail-mann.name.ng
Accept-Encoding
gzip, deflate, br
Host
web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web.mail-mann.name.ng/secure/
Connection
keep-alive
Referer
https://web.mail-mann.name.ng/secure/
Origin
https://web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
trackpoint-async.js
s2.adform.net/banners/scripts/st/
Redirect Chain
  • https://track.adform.net/serving/scripts/trackpoint/async/
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
79 KB
28 KB
Script
General
Full URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 13:27:57 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 09:57:01 GMT
server
nginx
etag
W/"613888ed-13bd1"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

location
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
date
Wed, 13 Oct 2021 13:27:57 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25967
x-xss-protection
0
pragma
public
x-fb-debug
RiRtB38F5i4z1GGTheKByUhdxv1vrnvR8HcRND1DK7M0lt5vKROhUul4GtwSdd4uWXg/J4/42Hn+TwjifpthFQ==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
DINWeb.ttf
web.mail-mann.name.ng/netbank/font/dino/
0
0
Font
General
Full URL
https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.ttf
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS
kingclaudia87.example.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web.mail-mann.name.ng
Accept-Encoding
gzip, deflate, br
Host
web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web.mail-mann.name.ng/secure/
Connection
keep-alive
Referer
https://web.mail-mann.name.ng/secure/
Origin
https://web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
DINWeb-Bold.ttf
web.mail-mann.name.ng/netbank/font/dino/
0
0
Font
General
Full URL
https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.ttf
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS
kingclaudia87.example.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web.mail-mann.name.ng
Accept-Encoding
gzip, deflate, br
Host
web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web.mail-mann.name.ng/secure/
Connection
keep-alive
Referer
https://web.mail-mann.name.ng/secure/
Origin
https://web.mail-mann.name.ng
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 13 Oct 2021 13:27:57 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
1764267177124905
connect.facebook.net/signals/config/
489 KB
143 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1764267177124905?v=2.9.47&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d445c2b4ce9f1bd211025bd0e1532efb0596f69e4100cd9098a3f2bcc8eeedec
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
2t+y1vIRkByi1DTMiF0ksrsERERMg6XfQr7MoNfmQ4Gu2SVAL2/Kq3qcSXkfVpHdK49KUpZ76tc/VYzUcCqlPg==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
137264003492099
connect.facebook.net/signals/config/
223 KB
67 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/137264003492099?v=2.9.47&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
835d6f8e28b3fd57475b57892c66dccd24ae8827d35cc822cff16b7252d340b1
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
cUlJaqENXtsd6J2JGUM+4KCj2sQi3trNJTRFMqDBhpQFOSewZvT9vWiLDlKhONeAJRSwEvojTsSPOpJCufeOqw==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
313 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1764267177124905&ev=PageView&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131677355&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&exp=p0&rqm=GET
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 13:27:57 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 13 Oct 2021 13:27:57 GMT
/
track.adform.net/Serving/TrackPoint/
Redirect Chain
  • https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
130 B
608 B
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f6e113d392b7188245e48cc96d836f8b2b7780ef01626687c783586288b99c38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
201
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
server
nginx
location
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
/
track.adform.net/Serving/TrackPoint/
Redirect Chain
  • https://track.adform.net/Serving/TrackPoint/?pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
130 B
607 B
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9a7fc7f23386198b46103b632cd43e7b80866e4e1572517b720372354cf43757
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
201
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
server
nginx
location
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
/
track.adform.net/Serving/TrackPoint/
Redirect Chain
  • https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=...
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2...
144 B
617 B
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
41028e419af79b3b6846eb637e4ec2d087a97d83f649ac0c5382e333a9ce1351
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
211
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 13 Oct 2021 13:27:57 GMT
server
nginx
location
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=137264003492099&ev=PageView&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131677446&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=28&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&exp=p0&rqm=GET
Requested by
Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 13:27:57 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 13 Oct 2021 13:27:57 GMT
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1764267177124905&ev=Microdata&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131678858&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%20S%C3%A4%C3%A4st%C3%B6pankki%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&es=automatic&tm=3&exp=p0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://web.mail-mann.name.ng/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 13:27:58 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 13 Oct 2021 13:27:58 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Säästöpankki (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| _adftrack function| fbq function| _fbq object| regeneratorRuntime object| JSON3 object| Adform object| KJUR object| adf

5 Cookies

Domain/Path Name / Value
www4.saastopankki.fi/pankki Name: lbsession
Value: !iiu8xlqkY+jEY1OZIKMTSSLmWrpfjicy9Ylkyu8U8njaTRm5wiaN+CSQDryK3aAMdoQESb4sn3NtH8k=
.mail-mann.name.ng/ Name: _fbp
Value: fb.2.1634131677354.94805420
.www4.saastopankki.fi/ Name: smlsession
Value: e7a795d44247e2c1f4c82165b1cb7a80
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 2713578332385415241

4 Console Messages

Source Level URL
Text
network error URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)