web.mail-mann.name.ng Open in urlscan Pro
92.38.163.136 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://web.mail-mann.name.ng/secure/
Submission: On October 13 via automatic, source openphish (October 13th 2021, 1:28:02 pm UTC) — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 92.38.163.136, located in Luxembourg, Luxembourg and belongs to GCORE, LU. The main domain is web.mail-mann.name.ng.
TLS certificate: Issued by R3 on October 13th 2021. Valid for: 3 months.

This is the only time web.mail-mann.name.ng was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Säästöpankki (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	92.38.163.136 92.38.163.136	199524 (GCORE) (GCORE)
4	185.251.48.79 185.251.48.79	28883 (SAMLINK-AS) (SAMLINK-AS)
4 7	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
1	37.157.6.235 37.157.6.235	198622 (ADFORM) (ADFORM)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
19	6

5 92.38.163.136 (Luxembourg, Luxembourg)

ASN199524 (GCORE, LU)
PTR: kingclaudia87.example.com

web.mail-mann.name.ng	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.251.48.79 (Finland)

ASN28883 (SAMLINK-AS, FI)

www4.saastopankki.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.6.245 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.235 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	adform.net 4 redirects track.adform.net s2.adform.net	32 KB
5	mail-mann.name.ng web.mail-mann.name.ng	48 KB
4	saastopankki.fi www4.saastopankki.fi	525 KB
3	facebook.com www.facebook.com	561 B
3	facebook.net connect.facebook.net	237 KB
19	5

	Domain	Requested by
7	track.adform.net	4 redirects web.mail-mann.name.ng
5	web.mail-mann.name.ng	web.mail-mann.name.ng
4	www4.saastopankki.fi	web.mail-mann.name.ng
3	www.facebook.com	web.mail-mann.name.ng
3	connect.facebook.net	web.mail-mann.name.ng connect.facebook.net
1	s2.adform.net	web.mail-mann.name.ng
19	6

This site contains no links.

Subject Issuer	Validity	Valid
web.mail-mann.name.ng R3	`2021-10-13` - `2022-01-11`	3 months	crt.sh
www4.saastopankki.fi DigiCert SHA2 Extended Validation Server CA	`2021-04-30` - `2022-05-20`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-23` - `2021-10-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://web.mail-mann.name.ng/secure/
Frame ID: FBBCE7093863C8142DDC3E33A5593CAB
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Säästöpankki

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<style>\s+/\*!\s+\* Bootstrap v(\d\.\d\.\d)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

841 kB
Transfer

1695 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

Request Chain 13

https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

Request Chain 14

https://track.adform.net/Serving/TrackPoint/?pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

Request Chain 15

https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F HTTP 302
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
web.mail-mann.name.ng/secure/ 285 KB
48 KB 48ms
14ms Document
text/html 92.38.163.136
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.mail-mann.name.ng/secure/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS: kingclaudia87.example.com
Software: Apache /
Resource Hash: 98394ec3d0db54025138e12818356ca3a119cc0c9582f5a50b775f695ba89634

Request headers

Host: web.mail-mann.name.ng
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK image
www4.saastopankki.fi/pankki/cms/ 14 KB
15 KB 252ms
46ms Image
image/png 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www4.saastopankki.fi/pankki/cms/image?uuid=444c17be-356f-4f7b-a201-a88a9d10c4e0&groupId=10475&t=1528786107912

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

Resource Hash

84e3fb667af0953e19e5cd538786e7c6fb238717bcec384c9c30601a401a7e80

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
X-Content-Type-Options: nosniff
Date: Wed, 13 Oct 2021 13:27:57 GMT
X-Frame-Options: DENY
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=31536000;
Keep-Alive: timeout=15, max=94
Content-Length: 14024
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK image
www4.saastopankki.fi/pankki/cms/ 113 KB
115 KB 255ms
49ms Image
image/jpeg 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www4.saastopankki.fi/pankki/cms/image?t=1592815706119&imagePreview=1&uuid=d8381764-5d9b-9bce-1809-52c7e477b18e&groupId=10475

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

Resource Hash

04d2ade1d7b3db8eb904ecb81d2e83727479f68054e7f36e5be7f0fa2951630d

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: Keep-Alive
Content-Type: image/jpeg
Cache-Control: max-age=7200, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security: max-age=31536000;
Keep-Alive: timeout=15, max=56
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK image
www4.saastopankki.fi/pankki/cms/ 181 KB
183 KB 245ms
46ms Image
image/jpeg 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www4.saastopankki.fi/pankki/cms/image?t=1559307304000&imagePreview=1&uuid=de8747ff-700e-4b82-b55d-ef3c80860665&groupId=10475

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

Resource Hash

37122eb04de0282dc047d1bd62fa33a383a21f44cf45b31c4ed12575f60a539a

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: Keep-Alive
Content-Type: image/jpeg
Cache-Control: max-age=7200, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-src https://www4.saastopankki.fi;default-src 'none';connect-src https://ccaas.service.tieto.com 'self';font-src data: https://fonts.gstatic.com https://fonts.googleapis.com 'self';img-src https://www4.saastopankki.fi https://www.google-analytics.com 'self' data:;style-src https://fonts.googleapis.com 'self' 'unsafe-inline';script-src https://www4.saastopankki.fi https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security: max-age=31536000;
Keep-Alive: timeout=15, max=92
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sp_sininen_tausta.png
www4.saastopankki.fi/pankki/assets/sp/img/ 211 KB
212 KB 236ms
43ms Image
image/png 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www4.saastopankki.fi/pankki/assets/sp/img/sp_sininen_tausta.png

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

Resource Hash

abfd8de945b3ccfcb7459ee221441693326558025c8b04ae7f5f42a37d9de0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 13 Aug 2021 14:29:06 GMT
X-Frame-Options: DENY
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=63072000, public
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=39
Content-Length: 215950
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found DINWeb.woff
web.mail-mann.name.ng/netbank/font/dino/ 0
0 11ms
11ms Font
text/html 92.38.163.136
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.woff
Requested by: Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS: kingclaudia87.example.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://web.mail-mann.name.ng
Accept-Encoding: gzip, deflate, br
Host: web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://web.mail-mann.name.ng/secure/
Connection: keep-alive
Referer: https://web.mail-mann.name.ng/secure/
Origin: https://web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found DINWeb-Bold.woff
web.mail-mann.name.ng/netbank/font/dino/ 0
0 23ms
11ms Font
text/html 92.38.163.136
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.woff
Requested by: Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS: kingclaudia87.example.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://web.mail-mann.name.ng
Accept-Encoding: gzip, deflate, br
Host: web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://web.mail-mann.name.ng/secure/
Connection: keep-alive
Referer: https://web.mail-mann.name.ng/secure/
Origin: https://web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/
Redirect Chain

https://track.adform.net/serving/scripts/trackpoint/async/
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

79 KB
28 KB

102ms
22ms

Script
application/x-javascript

37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 13:27:57 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 09:57:01 GMT
server: nginx
etag: W/"613888ed-13bd1"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
date: Wed, 13 Oct 2021 13:27:57 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 31ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25967
x-xss-protection: 0
pragma: public
x-fb-debug: RiRtB38F5i4z1GGTheKByUhdxv1vrnvR8HcRND1DK7M0lt5vKROhUul4GtwSdd4uWXg/J4/42Hn+TwjifpthFQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 404
Not Found DINWeb.ttf
web.mail-mann.name.ng/netbank/font/dino/ 0
0 11ms
11ms Font
text/html 92.38.163.136
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.ttf
Requested by: Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS: kingclaudia87.example.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://web.mail-mann.name.ng
Accept-Encoding: gzip, deflate, br
Host: web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://web.mail-mann.name.ng/secure/
Connection: keep-alive
Referer: https://web.mail-mann.name.ng/secure/
Origin: https://web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found DINWeb-Bold.ttf
web.mail-mann.name.ng/netbank/font/dino/ 0
0 13ms
13ms Font
text/html 92.38.163.136
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.ttf
Requested by: Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.38.163.136 Luxembourg, Luxembourg, ASN199524 (GCORE, LU),
Reverse DNS: kingclaudia87.example.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://web.mail-mann.name.ng
Accept-Encoding: gzip, deflate, br
Host: web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://web.mail-mann.name.ng/secure/
Connection: keep-alive
Referer: https://web.mail-mann.name.ng/secure/
Origin: https://web.mail-mann.name.ng
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 13:27:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1764267177124905 Show response
connect.facebook.net/signals/config/ 489 KB
143 KB 75ms
74ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1764267177124905?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d445c2b4ce9f1bd211025bd0e1532efb0596f69e4100cd9098a3f2bcc8eeedec

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 2t+y1vIRkByi1DTMiF0ksrsERERMg6XfQr7MoNfmQ4Gu2SVAL2/Kq3qcSXkfVpHdK49KUpZ76tc/VYzUcCqlPg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 137264003492099 Show response
connect.facebook.net/signals/config/ 223 KB
67 KB 66ms
65ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/137264003492099?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

835d6f8e28b3fd57475b57892c66dccd24ae8827d35cc822cff16b7252d340b1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: cUlJaqENXtsd6J2JGUM+4KCj2sQi3trNJTRFMqDBhpQFOSewZvT9vWiLDlKhONeAJRSwEvojTsSPOpJCufeOqw==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 13 Oct 2021 13:27:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
313 B 38ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1764267177124905&ev=PageView&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131677355&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&exp=p0&rqm=GET

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 13:27:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 13 Oct 2021 13:27:57 GMT

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

130 B
608 B

26ms
26ms

Script
text/javascript

37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f6e113d392b7188245e48cc96d836f8b2b7780ef01626687c783586288b99c38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 201
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFdivider=%7C&ord=283636533906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://track.adform.net/Serving/TrackPoint/?pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

130 B
607 B

27ms
26ms

Script
text/javascript

37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9a7fc7f23386198b46103b632cd43e7b80866e4e1572517b720372354cf43757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 201
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=572705&ADFdivider=%7C&ord=2312810754&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://track.adform.net/Serving/TrackPoint/?pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=...
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2...

144 B
617 B

25ms
25ms

Script
text/javascript

37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

41028e419af79b3b6846eb637e4ec2d087a97d83f649ac0c5382e333a9ce1351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 211
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 13 Oct 2021 13:27:57 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=31078&ADFPageName=Saastopankki.fi%7CVerkkopankki-kirjautumissivu&ADFdivider=%7C&ord=502265785179&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=137264003492099&ev=PageView&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131677446&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=28&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&exp=p0&rqm=GET

Requested by

Host: web.mail-mann.name.ng
URL: https://web.mail-mann.name.ng/secure/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 13:27:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 13 Oct 2021 13:27:57 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 9ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1764267177124905&ev=Microdata&dl=https%3A%2F%2Fweb.mail-mann.name.ng%2Fsecure%2F&rl=&if=false&ts=1634131678858&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%20S%C3%A4%C3%A4st%C3%B6pankki%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.2.1634131677354.94805420&it=1634131677219&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://web.mail-mann.name.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 13:27:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 13 Oct 2021 13:27:58 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Säästöpankki (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www4.saastopankki.fi/pankki	1970-01-19 21:55:32	Name: lbsession Value: !iiu8xlqkY+jEY1OZIKMTSSLmWrpfjicy9Ylkyu8U8njaTRm5wiaN+CSQDryK3aAMdoQESb4sn3NtH8k=
.mail-mann.name.ng/	1970-01-20 00:05:07	Name: _fbp Value: fb.2.1634131677354.94805420
.www4.saastopankki.fi/	1970-01-19 21:55:32	Name: smlsession Value: e7a795d44247e2c1f4c82165b1cb7a80
.adform.net/	1970-01-19 22:40:13	Name: C Value: 1
.adform.net/	1970-01-19 23:21:59	Name: uid Value: 2713578332385415241

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://web.mail-mann.name.ng/netbank/font/dino/DINWeb-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
s2.adform.net
track.adform.net
web.mail-mann.name.ng
www.facebook.com
www4.saastopankki.fi
185.251.48.79
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
37.157.6.235
37.157.6.245
92.38.163.136
04d2ade1d7b3db8eb904ecb81d2e83727479f68054e7f36e5be7f0fa2951630d
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47
37122eb04de0282dc047d1bd62fa33a383a21f44cf45b31c4ed12575f60a539a
41028e419af79b3b6846eb637e4ec2d087a97d83f649ac0c5382e333a9ce1351
835d6f8e28b3fd57475b57892c66dccd24ae8827d35cc822cff16b7252d340b1
84e3fb667af0953e19e5cd538786e7c6fb238717bcec384c9c30601a401a7e80
98394ec3d0db54025138e12818356ca3a119cc0c9582f5a50b775f695ba89634
9a7fc7f23386198b46103b632cd43e7b80866e4e1572517b720372354cf43757
abfd8de945b3ccfcb7459ee221441693326558025c8b04ae7f5f42a37d9de0e1
d445c2b4ce9f1bd211025bd0e1532efb0596f69e4100cd9098a3f2bcc8eeedec
f6e113d392b7188245e48cc96d836f8b2b7780ef01626687c783586288b99c38

web.mail-mann.name.ng Open in urlscan Pro 92.38.163.136 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

33 %IPv6

5 Domains

6 Subdomains

6 IPs

4 Countries

841 kBTransfer

1695 kBSize

5 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

5 Cookies

4 Console Messages

Indicators

web.mail-mann.name.ng Open in urlscan Pro
92.38.163.136 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

841 kB
Transfer

1695 kB
Size

5
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!