cp80.nsixo.com
Open in
urlscan Pro
213.238.168.87
Malicious Activity!
Public Scan
Effective URL: http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/L...
Submission: On July 06 via automatic, source openphish — Scanned from DE
Summary
This is the only time cp80.nsixo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Navy Federal Credit Union (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 213.238.168.87 213.238.168.87 | 212069 (HOSTIXO) (HOSTIXO) | |
4 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
nsixo.com
cp80.nsixo.com |
28 KB |
4 | 1 |
Domain | Requested by | |
---|---|---|
4 | cp80.nsixo.com |
cp80.nsixo.com
|
4 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Frame ID: 2F43628C07705C6F82B3B50086AD847A
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
DocumentPage URL History Show full URLs
- http://cp80.nsixo.com/~mogznews/datacenter/ Page URL
- http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_e... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://cp80.nsixo.com/~mogznews/datacenter/ Page URL
- http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
cp80.nsixo.com/~mogznews/datacenter/ |
197 B 373 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index2.php
cp80.nsixo.com/~mogznews/datacenter/ |
907 B 891 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NFCU-Logo.png
cp80.nsixo.com/~mogznews/datacenter/run/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha.php
cp80.nsixo.com/~mogznews/datacenter/run/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Navy Federal Credit Union (Government)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cp80.nsixo.com/ | Name: PHPSESSID Value: 643b4f7ce9599a00804a08ec5ea8fad9 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cp80.nsixo.com
213.238.168.87
044d93a0c99052b0f4d7d47a5454fed7a87a2f0a36c65384fe08d4db4e36198a
3c40f1447bcd789c320fbd2edf97c46542a230d547523294c01665f35445eb67
4ca93b30090b1bff977dbc5bbb588ce4599a5ef8aa2b32576ad308f74c3ae26c