0b2d6ff33b.nxcli.io
165.84.217.34
Malicious Activity!
Public Scan
Effective URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Submission: On April 22 via api from HU — Scanned from CH
Summary
TLS certificate: Issued by R3 on April 18th 2024. Valid for: 3 months.
This is the only time 0b2d6ff33b.nxcli.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 174.129.117.93 | 14618 (AMAZON-AES)
1 | 185.145.13.84 | 202521 (NEXCESS-AMS01)
20 | 165.84.217.34 | 31463 (FOURD-AS)
1 | 142.250.186.42 | 15169 (GOOGLE)
3 | 194.41.184.89 | 12511 (CH-POSTNETZ Post CH AG)
ASN | PTR | Domains
---|---|---
ASN14618 (AMAZON-AES, US) | ec2-174-129-117-93.compute-1.amazonaws.com | ow.ly
ASN202521 (NEXCESS-AMS01, US) | cloudhost-2752190.nl-west-1.nxcli.net | 9faf020c97.nxcli.io
ASN31463 (FOURD-AS, GB) | cloudhost-3464249.uk-south-2.nxcli.net | 0b2d6ff33b.nxcli.io
ASN15169 (GOOGLE, US) | fra24s04-in-f10.1e100.net | fonts.googleapis.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 | nxcli.io | 9faf020c97.nxcli.io (1 redirects), 0b2d6ff33b.nxcli.io | 381 KB
3 | post.ch | fonts.post.ch (Cisco Umbrella Rank: 876889) | 89 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 33) | 719 B
1 | ow.ly | ow.ly (1 redirects, Cisco Umbrella Rank: 131969) | 351 B
Requests | Domain | Requested by
---|---|---
20 | 0b2d6ff33b.nxcli.io | 0b2d6ff33b.nxcli.io
3 | fonts.post.ch | 0b2d6ff33b.nxcli.io
1 | fonts.googleapis.com | 0b2d6ff33b.nxcli.io
1 | 9faf020c97.nxcli.io | 1 redirects
1 | ow.ly | 1 redirects
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
0b2d6ff33b.nxcli.io | R3 | 2024-04-18 - 2024-07-17 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months | crt.sh
fonts.post.ch | SwissSign RSA TLS OV ICA 2022 - 1 | 2024-04-02 - 2025-04-02 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://0b2d6ff33b.nxcli.io/ramndie/?token=
Frame ID: 31719F7DB961917993CFCD941059CAF7
Requests: 24 HTTP requests in this frame
Page Title: DIE Post - CH
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ow.ly/AqUz50RkYjA
HTTP 301
https://9faf020c97.nxcli.io/newshippingsitekommensiealleholtihresahcnehierbeimirichbedankemichfurallesliebegrussetantejasmina/aallesugteichwerdeallesnehmenvielendankfurdiebemuhungeswaralleswertichliebeeuch/?p=FMveW HTTP 302
https://0b2d6ff33b.nxcli.io/ramndie/?token= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | 0b2d6ff33b.nxcli.io/ramndie/ | 292 KB | 48 KB | Document | text/html
GET | H2 | staticasset.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 11 KB | 2 KB | Stylesheet | text/css
GET | H2 | staticasset2.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 24 KB | 4 KB | Stylesheet | text/css
GET | H2 | staticasset3.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 355 KB | 35 KB | Stylesheet | text/css
GET | H2 | staticasset4.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 281 KB | 29 KB | Stylesheet | text/css
GET | H2 | avgk.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 21 KB | 3 KB | Stylesheet | text/css
GET | H2 | main.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 31 KB | 4 KB | Stylesheet | text/css
GET | H2 | main2.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 824 KB | 67 KB | Stylesheet | text/css
GET | H2 | CoveoFullSearch.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 495 KB | 54 KB | Stylesheet | text/css
GET | H2 | CoveoForSitecore.css | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 3 KB | 1 KB | Stylesheet | text/css
GET | H2 | scripts.js | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 4 KB | 1 KB | Script | application/x-javascript
GET | H2 | Logo.svg | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 3 KB | 2 KB | Image | image/svg+xml
GET | H2 | barcode.png | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 9 KB | 9 KB | Image | image/png
GET | H2 | GetPreviewImage | 0b2d6ff33b.nxcli.io/ramndie/Paketetiketten%20Inland_files/ | 17 KB | 17 KB | Image | text/html
GET | H2 | GetPreviewImage | 0b2d6ff33b.nxcli.io/vgkklp2/avgk/Standardprozess/ | 17 KB | 17 KB | Image | text/html
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 719 B | Stylesheet | text/css
GET | H2 | 9aa32a81-1124-4c43-b3db-15bfb1f7aed2.woff | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 37 KB | 37 KB | Font | application/font-woff
GET | H/1.1 | FrutigerNeueforPostW05-Rg.woff2 | fonts.post.ch/frutigerneueforpost/v2/ | 29 KB | 29 KB | Font | font/woff2
GET | H/1.1 | FrutigerNeueforPostW05-Lt.woff2 | fonts.post.ch/frutigerneueforpost/v2/ | 29 KB | 30 KB | Font | font/woff2
GET | H/1.1 | FrutigerNeueforPostW05-Bold.woff2 | fonts.post.ch/frutigerneueforpost/v2/ | 29 KB | 30 KB | Font | font/woff2
GET | H2 | 2a004a53-ac5c-43b3-9eeb-9f74ae4c1609.woff | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 50 KB | 50 KB | Font | application/font-woff
GET | H2 | 3fbbd6b1-cfa7-4ff0-97ea-af1b2c489f15.woff | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 0 | 0 | Font | text/html
GET | H2 | 076311f8-a01b-4389-a5eb-334a62e62d45.ttf | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 0 | 0 | Font | text/html
GET | H2 | favicon.ico | 0b2d6ff33b.nxcli.io/ramndie/assets/css/ | 4 KB | 1 KB | Other | image/x-icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: 1
- object: 2
- object: 3
- function: formatPhone
- function: handleExpInput
- object: _CARD_TYPES
- function: credit_card_input0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.