cp80.nsixo.com Open in urlscan Pro
213.238.168.87 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cp80.nsixo.com/~mogznews/datacenter/
Effective URL:
http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/L...
Submission: On July 06 via automatic, source openphish (July 6th 2022, 1:27:14 am UTC) — Scanned from DE

Summary HTTP 4 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 213.238.168.87, located in Turkey and belongs to HOSTIXO, TR. The main domain is cp80.nsixo.com.

This is the only time cp80.nsixo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Navy Federal Credit Union (Government)

Domain & IP information

	IP Address		AS Autonomous System
4	213.238.168.87 213.238.168.87		212069 (HOSTIXO) (HOSTIXO)
4	1

4 213.238.168.87 (Turkey)

ASN212069 (HOSTIXO, TR)
PTR: cp80.nsixo.com

cp80.nsixo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	nsixo.com cp80.nsixo.com	28 KB
4	1

	Domain	Requested by
4	cp80.nsixo.com	cp80.nsixo.com
4	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Frame ID: 2F43628C07705C6F82B3B50086AD847A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Page URL History Show full URLs

http://cp80.nsixo.com/~mogznews/datacenter/ Page URL
http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_e... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

28 kB
Transfer

27 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cp80.nsixo.com/~mogznews/datacenter/ Page URL
http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ cp80.nsixo.com/~mogznews/datacenter/	197 B 373 B	338ms 73ms	Document text/html	213.238.168.87 HOSTIXO
General Check archive.org Show headers Download Go to Full URL http://cp80.nsixo.com/~mogznews/datacenter/ Protocol HTTP/1.1 Server 213.238.168.87 , Turkey, ASN212069 (HOSTIXO, TR), Reverse DNS cp80.nsixo.com Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 185 Content-Type text/html; charset=UTF-8 Date Wed, 06 Jul 2022 01:27:09 GMT Vary Accept-Encoding
GET H/1.1	200 OK	Primary Request index2.php Show response cp80.nsixo.com/~mogznews/datacenter/	907 B 891 B	73ms 73ms	Document text/html	213.238.168.87 HOSTIXO
General Check archive.org Show headers Download Go to Full URL http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Protocol HTTP/1.1 Server 213.238.168.87 , Turkey, ASN212069 (HOSTIXO, TR), Reverse DNS cp80.nsixo.com Software / Resource Hash `4ca93b30090b1bff977dbc5bbb588ce4599a5ef8aa2b32576ad308f74c3ae26c` Request headers Referer http://cp80.nsixo.com/~mogznews/datacenter/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Length 529 Content-Type text/html; charset=UTF-8 Date Wed, 06 Jul 2022 01:27:09 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Vary Accept-Encoding
GET H/1.1	200 OK	NFCU-Logo.png cp80.nsixo.com/~mogznews/datacenter/run/	23 KB 23 KB	71ms 70ms	Image image/png	213.238.168.87 HOSTIXO
General Check archive.org Show headers Download Go to Show image Full URL http://cp80.nsixo.com/~mogznews/datacenter/run/NFCU-Logo.png Requested by Host: cp80.nsixo.com URL: http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Protocol HTTP/1.1 Server 213.238.168.87 , Turkey, ASN212069 (HOSTIXO, TR), Reverse DNS cp80.nsixo.com Software / Resource Hash `044d93a0c99052b0f4d7d47a5454fed7a87a2f0a36c65384fe08d4db4e36198a` Request headers accept-language de-DE,de;q=0.9 Referer http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Wed, 06 Jul 2022 01:27:09 GMT Last-Modified Sat, 25 Jun 2022 21:01:02 GMT Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 23134 Expires Wed, 13 Jul 2022 01:27:09 GMT
GET H/1.1	200 OK	captcha.php cp80.nsixo.com/~mogznews/datacenter/run/	4 KB 4 KB	75ms 75ms	Image image/jpeg	213.238.168.87 HOSTIXO
General Check archive.org Show headers Download Go to Show image Full URL http://cp80.nsixo.com/~mogznews/datacenter/run/captcha.php?rand=1598837249 Requested by Host: cp80.nsixo.com URL: http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Protocol HTTP/1.1 Server 213.238.168.87 , Turkey, ASN212069 (HOSTIXO, TR), Reverse DNS cp80.nsixo.com Software / Resource Hash `3c40f1447bcd789c320fbd2edf97c46542a230d547523294c01665f35445eb67` Request headers accept-language de-DE,de;q=0.9 Referer http://cp80.nsixo.com/~mogznews/datacenter/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Jul 2022 01:27:09 GMT Cache-Control no-store, no-cache, must-revalidate Expires Thu, 19 Nov 1981 08:52:00 GMT Connection Keep-Alive Content-Length 3899 Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Navy Federal Credit Union (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cp80.nsixo.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 643b4f7ce9599a00804a08ec5ea8fad9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cp80.nsixo.com
213.238.168.87
044d93a0c99052b0f4d7d47a5454fed7a87a2f0a36c65384fe08d4db4e36198a
3c40f1447bcd789c320fbd2edf97c46542a230d547523294c01665f35445eb67
4ca93b30090b1bff977dbc5bbb588ce4599a5ef8aa2b32576ad308f74c3ae26c

cp80.nsixo.com Open in urlscan Pro 213.238.168.87 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

28 kBTransfer

27 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

cp80.nsixo.com Open in urlscan Pro
213.238.168.87 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

28 kB
Transfer

27 kB
Size

1
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!