nexolibre.store Open in urlscan Pro
200.58.110.149 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nexolibre.store/controllers/up/postde/postde/pst/
Effective URL:
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/
Submission: On August 01 via manual (August 1st 2023, 7:32:47 am UTC) from DE — Scanned from DE

Summary HTTP 2 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 200.58.110.149, located in Rosario, Argentina and belongs to Dattatec.com, AR. The main domain is nexolibre.store.

This is the only time nexolibre.store was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3 5	200.58.110.149 200.58.110.149		27823 (Dattatec.com) (Dattatec.com)
2	2

5 200.58.110.149 (Rosario, Argentina) 3 redirects

ASN27823 (Dattatec.com, AR)
PTR: ecuador.dattaweb.com

nexolibre.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	nexolibre.store 3 redirects nexolibre.store	1 MB
2	1

	Domain	Requested by
5	nexolibre.store	3 redirects nexolibre.store
2	1

This site contains links to these domains. Also see Links.

Domain
www.postbank.de

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/
Frame ID: 1BF1FB29A70C55FF675929B68C27203E
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postbank Banking & Brokerage

Page URL History Show full URLs

http://nexolibre.store/controllers/up/postde/postde/pst/ HTTP 302
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3 HTTP 301
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Page URL
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients HTTP 301
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/ Page URL

Page Statistics

2
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1267 kB
Transfer

1561 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postbank.de/redirects/gutzuwissen-banking-login.html
Title: Informationen für Privatkunden

Search URL Search Domain Scan URL

URL: https://www.postbank.de/umzug-gk
Title: Informationen für Geschäftskunden

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/banking-und-brokerage/postbank-id.html
Title: Postbank ID einrichten

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/sicherheit/aktuelle-hinweise.html
Title: Zu den Sicherheitshinweisen

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_erste-schritte.html
Title: Erste Schritte

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_terminvereinbarung.html
Title: Terminvereinbarung

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_kontakt.html
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_rechtshinweise.html
Title: Rechtshinweise

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nexolibre.store/controllers/up/postde/postde/pst/ HTTP 302
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3 HTTP 301
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Page URL
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients HTTP 301
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://nexolibre.store/controllers/up/postde/postde/pst/ HTTP 302
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3 HTTP 301
http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/

2 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Redirect Chain http://nexolibre.store/controllers/up/postde/postde/pst/ http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3 http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/	151 B 385 B	279ms 279ms	Document text/html	200.58.110.149 Dattatec.com
General Check archive.org Show headers Download Go to Full URL http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Protocol HTTP/1.1 Server 200.58.110.149 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS ecuador.dattaweb.com Software Apache / PHP/7.0.33 Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 01 Aug 2023 07:32:35 GMT Keep-Alive timeout=10, max=198 Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.0.33 Redirect headers Connection Keep-Alive Content-Length 285 Content-Type text/html; charset=iso-8859-1 Date Tue, 01 Aug 2023 07:32:35 GMT Keep-Alive timeout=10, max=199 Location http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Server Apache
GET H/1.1	200 OK	Primary Request / Show response nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/ Redirect Chain http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/	1 MB 1 MB	288ms 288ms	Document text/html	200.58.110.149 Dattatec.com
General Check archive.org Show headers Download Go to Full URL http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/ Requested by Host: nexolibre.store URL: http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Protocol HTTP/1.1 Server 200.58.110.149 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS ecuador.dattaweb.com Software Apache / PHP/7.0.33 Resource Hash `9dd148878ab7f0f95d369b4ed6df49f234d9914dd5c096590db22a097335e174` Request headers Referer http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 01 Aug 2023 07:32:35 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=10, max=196 Pragma no-cache Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.0.33 Redirect headers Connection Keep-Alive Content-Length 293 Content-Type text/html; charset=iso-8859-1 Date Tue, 01 Aug 2023 07:32:35 GMT Keep-Alive timeout=10, max=197 Location http://nexolibre.store/controllers/up/postde/postde/pst/fbbe23c145eb16ba78a3/clients/ Server Apache
GET DATA	200 OK	truncated /	243 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf` Request headers accept-language de-DE,de;q=0.9 Referer http://nexolibre.store/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	7 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90` Request headers accept-language de-DE,de;q=0.9 Referer http://nexolibre.store/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de` Request headers Referer http://nexolibre.store/ Origin http://nexolibre.store accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31` Request headers Referer http://nexolibre.store/ Origin http://nexolibre.store accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	44 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a` Request headers accept-language de-DE,de;q=0.9 Referer http://nexolibre.store/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fdff80a70c9c788e4c93d02eff684aa381d0f26bf9565edfd1bfdb15c602b4e4` Request headers accept-language de-DE,de;q=0.9 Referer http://nexolibre.store/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nexolibre.store/	1969-12-31 23:59:59	Name: PHPSESSID Value: aff33dea0508db86b9d52840c25a8ae2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nexolibre.store
200.58.110.149
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a
9dd148878ab7f0f95d369b4ed6df49f234d9914dd5c096590db22a097335e174
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de
d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90
fdff80a70c9c788e4c93d02eff684aa381d0f26bf9565edfd1bfdb15c602b4e4

nexolibre.store Open in urlscan Pro 200.58.110.149 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1267 kBTransfer

1561 kBSize

1 Cookies

10 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

nexolibre.store Open in urlscan Pro
200.58.110.149 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1267 kB
Transfer

1561 kB
Size

1
Cookies

2 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!