0b2d6ff33b.nxcli.io Open in urlscan Pro
165.84.217.34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ow.ly/AqUz50RkYjA
Effective URL:
https://0b2d6ff33b.nxcli.io/ramndie/?token=
Submission: On April 22 via api (April 22nd 2024, 1:46:34 pm UTC) from HU — Scanned from CH

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 24 HTTP transactions. The main IP is 165.84.217.34, located in Byfleet, United Kingdom and belongs to FOURD-AS, GB. The main domain is 0b2d6ff33b.nxcli.io.
TLS certificate: Issued by R3 on April 18th 2024. Valid for: 3 months.

This is the only time 0b2d6ff33b.nxcli.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	174.129.117.93 174.129.117.93	14618 (AMAZON-AES) (AMAZON-AES)
1 1	185.145.13.84 185.145.13.84	202521 (NEXCESS-A...) (NEXCESS-AMS01)
20	165.84.217.34 165.84.217.34	31463 (FOURD-AS) (FOURD-AS)
1	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
3	194.41.184.89 194.41.184.89	12511 (CH-POSTNE...) (CH-POSTNETZ Post CH AG)
24	3

1 174.129.117.93 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-117-93.compute-1.amazonaws.com

ow.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.145.13.84 (United States) 1 redirects

ASN202521 (NEXCESS-AMS01, US)
PTR: cloudhost-2752190.nl-west-1.nxcli.net

9faf020c97.nxcli.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 165.84.217.34 (Byfleet, United Kingdom)

ASN31463 (FOURD-AS, GB)
PTR: cloudhost-3464249.uk-south-2.nxcli.net

0b2d6ff33b.nxcli.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 194.41.184.89 (Switzerland)

ASN12511 (CH-POSTNETZ Post CH AG, CH)

fonts.post.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	nxcli.io 1 redirects 9faf020c97.nxcli.io 0b2d6ff33b.nxcli.io	381 KB
3	post.ch fonts.post.ch — Cisco Umbrella Rank: 876889	89 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	719 B
1	ow.ly 1 redirects ow.ly — Cisco Umbrella Rank: 131969	351 B
24	4

	Domain	Requested by
20	0b2d6ff33b.nxcli.io	0b2d6ff33b.nxcli.io
3	fonts.post.ch	0b2d6ff33b.nxcli.io
1	fonts.googleapis.com	0b2d6ff33b.nxcli.io
1	9faf020c97.nxcli.io	1 redirects
1	ow.ly	1 redirects
24	5

This site contains no links.

Subject Issuer	Validity	Valid
0b2d6ff33b.nxcli.io R3	`2024-04-18` - `2024-07-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
fonts.post.ch SwissSign RSA TLS OV ICA 2022 - 1	`2024-04-02` - `2025-04-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Frame ID: 31719F7DB961917993CFCD941059CAF7
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DIE Post - CH

Page URL History Show full URLs

https://ow.ly/AqUz50RkYjA HTTP 301
https://9faf020c97.nxcli.io/newshippingsitekommensiealleholtihresahcnehierbeimirichbedankemichfurallesli... HTTP 302
https://0b2d6ff33b.nxcli.io/ramndie/?token= Page URL

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

3
IPs

3
Countries

471 kB
Transfer

2569 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ow.ly/AqUz50RkYjA HTTP 301
https://9faf020c97.nxcli.io/newshippingsitekommensiealleholtihresahcnehierbeimirichbedankemichfurallesliebegrussetantejasmina/aallesugteichwerdeallesnehmenvielendankfurdiebemuhungeswaralleswertichliebeeuch/?p=FMveW HTTP 302
https://0b2d6ff33b.nxcli.io/ramndie/?token= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
0b2d6ff33b.nxcli.io/ramndie/
Redirect Chain

https://ow.ly/AqUz50RkYjA
https://9faf020c97.nxcli.io/newshippingsitekommensiealleholtihresahcnehierbeimirichbedankemichfurallesliebegrussetantejasmina/aallesugteichwerdeallesnehmenvielendankfurdiebemuhungeswaralleswertichl...
https://0b2d6ff33b.nxcli.io/ramndie/?token=

292 KB
48 KB

1405ms
1051ms

Document
text/html

165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 573cb54712eed54d3bf9b7b5af9aebb6adb188712eea6db23c7a668e7750e1a8

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-encoding: gzip
content-length: 48450
content-type: text/html; charset=UTF-8
date: Mon, 22 Apr 2024 13:46:29 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: BYPASS

Redirect headers

content-type: text/html; charset=UTF-8
date: Mon, 22 Apr 2024 13:46:27 GMT
location: https://0b2d6ff33b.nxcli.io/ramndie/?token=
server: nginx
x-cache-nxaccel: BYPASS

GET
H2 200 staticasset.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 11 KB
2 KB 120ms
107ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: aa3e42cd825bf41478a7ddbf8db133fdaa717b60c03de17b8b00b277c84f0820

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:13 GMT
server: nginx
etag: "2ad7-6168b81be85d5-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1932
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 staticasset2.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 24 KB
4 KB 120ms
107ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset2.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 7a25dfc3218cf7e0d8ef931a8484e7c3ee5d849568e60c59659977b25eb71092

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:13 GMT
server: nginx
etag: "5f0b-6168b81c056af-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3551
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 staticasset3.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 355 KB
35 KB 120ms
108ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset3.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: e75bddbbe19539b3c7f745fb74948378df59ae6f12c85c72928f73e110ab4bde

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:13 GMT
server: nginx
etag: "58aea-6168b81c1a2b8-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 36122
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 staticasset4.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 281 KB
29 KB 120ms
108ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 8d4350370980440d6ac166ea9c802fa09560f172e9a097d38451c083beffbaeb

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:13 GMT
server: nginx
etag: "46530-6168b81c35c22-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 29860
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 avgk.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 21 KB
3 KB 120ms
108ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/avgk.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 9078f5be6100c40ba61e6c1d3f11a15383d11faf5675410e940d83501bc7d769

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:10 GMT
server: nginx
etag: "541b-6168b819b1b4d-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3463
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 main.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 31 KB
4 KB 121ms
109ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 34de64f77ce8d8eb483e1aa9bfc3100b9638bd8100ae2e03d1ddbe382a8000c0

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:12 GMT
server: nginx
etag: "7c69-6168b81ad72ae-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4086
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 main2.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 824 KB
67 KB 116ms
109ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 66b6c9e1ba15d338c47b8323a874a44f224a81d14a5d2c084359c6b4ca6a39fe

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:12 GMT
server: nginx
etag: "ce199-6168b81b40e1c-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 CoveoFullSearch.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 495 KB
54 KB 116ms
109ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/CoveoFullSearch.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: c6e2e510fb8ca2cf90e44ed06b7cb2655c4459cefa6278803254f6449642f542

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:11 GMT
server: nginx
etag: "7bdf8-6168b81a3be45-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 54661
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 CoveoForSitecore.css
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 3 KB
1 KB 116ms
110ms Stylesheet
text/css 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/CoveoForSitecore.css
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 127f46d8e3c5e2ef9eea5a261168b1ac975bf01de34202d90a1c7fa87fb2cd41

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:11 GMT
server: nginx
etag: "d50-6168b81a08222-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1042
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 scripts.js Show response
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 4 KB
1 KB 189ms
183ms Script
application/x-javascript 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/scripts.js
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 16b0fcf0bd2c044a6574bd1a872767fef935296cef78fa1f098ef5b75005a74b

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:13 GMT
server: nginx
etag: "10d6-6168b81bd6c94-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1346
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 Logo.svg
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 3 KB
2 KB 189ms
183ms Image
image/svg+xml 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/Logo.svg
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: b1d8e73aeaca62e519b792ade3c0400821a86647bb75095a1367ae0301af807d

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:12 GMT
server: nginx
etag: "dde-6168b81ab3c44-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1567
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 200 barcode.png
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 9 KB
9 KB 186ms
178ms Image
image/png 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/barcode.png
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: b000a4932233e8f87294c07aaf6173088e549c588e4d968cd9889a28efe821f1

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:11 GMT
server: nginx
etag: "2427-6168b819e76b0"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 9255
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 404 GetPreviewImage
0b2d6ff33b.nxcli.io/ramndie/Paketetiketten%20Inland_files/ 17 KB
17 KB 431ms
431ms Image
text/html 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/Paketetiketten%20Inland_files/GetPreviewImage
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: c2b5cac2721aba603b07e013299762a4365ded7b452eaf01b357a69ac4ee5892

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:29 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://0b2d6ff33b.nxcli.io/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 GetPreviewImage
0b2d6ff33b.nxcli.io/vgkklp2/avgk/Standardprozess/ 17 KB
17 KB 389ms
388ms Image
text/html 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0b2d6ff33b.nxcli.io/vgkklp2/avgk/Standardprozess/GetPreviewImage
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 76b60da079c56afb9fb96f433b0fc0e36bced15e07699cb8579bff266f46c0f9

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://0b2d6ff33b.nxcli.io/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
719 B 759ms
84ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700

Requested by

Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/CoveoFullSearch.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

3664baae915287963f2635a6d61279ab1e78a0e98caf608759344fd776e98111

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/CoveoFullSearch.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 22 Apr 2024 13:46:30 GMT

GET
H2 200 9aa32a81-1124-4c43-b3db-15bfb1f7aed2.woff
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 37 KB
37 KB 129ms
127ms Font
application/font-woff 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/9aa32a81-1124-4c43-b3db-15bfb1f7aed2.woff
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: dceea27395ed1b2ab536cc460a7b398429d88232a11cea81458db125457a2b1c

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:10 GMT
server: nginx
etag: "94b4-6168b81982962-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: application/font-woff
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 37874
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H/1.1 200
OK FrutigerNeueforPostW05-Rg.woff2
fonts.post.ch/frutigerneueforpost/v2/ 29 KB
29 KB 307ms
78ms Font
font/woff2 194.41.184.89
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Rg.woff2

Requested by

Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.184.89 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

f0cc503406af0014db4fda7ee45b3c5a50d694813631e99666c0e244d608ea01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Mon, 22 Apr 2024 13:46:30 GMT
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-RP-UNIQUE_ID: ZiZqNtWokX6YCWI4T4H8nwAAAJw
Connection: Keep-Alive
Content-Length: 29420
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Aug 2023 07:13:09 GMT
Server: Apache
traceparent: 00-12bc57fa5a2fcd7fd53f6aa504387113-c141f57cbfe90f35-00
ETag: "72ec-602f0e94a6f0a"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK FrutigerNeueforPostW05-Lt.woff2
fonts.post.ch/frutigerneueforpost/v2/ 29 KB
30 KB 318ms
89ms Font
font/woff2 194.41.184.89
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Lt.woff2

Requested by

Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.184.89 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

974ab73c257f54ad5a7cd4ccf390c61e2ca22b9b6706ff4880ad900a1a2bbc9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Mon, 22 Apr 2024 13:46:30 GMT
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-RP-UNIQUE_ID: ZiZqNtWokX6YCWI4T4H8oAAAAL8
Connection: Keep-Alive
Content-Length: 30008
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Aug 2023 07:13:09 GMT
Server: Apache
traceparent: 00-95ff5eaa1e93a3fac0a5d8c9cdca1591-fd931eca16eaf390-00
ETag: "7538-602f0e94a6b22"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK FrutigerNeueforPostW05-Bold.woff2
fonts.post.ch/frutigerneueforpost/v2/ 29 KB
30 KB 319ms
89ms Font
font/woff2 194.41.184.89
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Bold.woff2

Requested by

Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

194.41.184.89 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Apache /

Resource Hash

dc645ddffd4b66feb1f5be4d4c661a9ab2e9be2a26c4a08b376ab68d9025dcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/main2.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Mon, 22 Apr 2024 13:46:30 GMT
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-RP-UNIQUE_ID: ZiZqNmqxqANUT3ty158nIQAAADw
Connection: Keep-Alive
Content-Length: 29452
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Aug 2023 07:13:09 GMT
Server: Apache
traceparent: 00-38f98c287f7b89482609ba373c1705b4-7d74eb1a06c4f78f-00
ETag: "730c-602f0e94a673a"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H2 200 2a004a53-ac5c-43b3-9eeb-9f74ae4c1609.woff
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 50 KB
50 KB 129ms
128ms Font
application/font-woff 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/2a004a53-ac5c-43b3-9eeb-9f74ae4c1609.woff
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: fa4f0aed1d0ec5764d186315819d7d80651bf620bc6378a9745701ad501a4984

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:10 GMT
server: nginx
etag: "c900-6168b8197b04a-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: application/font-woff
cache-control: max-age=31536000
expires: Tue, 22 Apr 2025 13:44:11 GMT

GET
H2 404 3fbbd6b1-cfa7-4ff0-97ea-af1b2c489f15.woff
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 0
0 129ms
129ms Font
text/html 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/3fbbd6b1-cfa7-4ff0-97ea-af1b2c489f15.woff
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://0b2d6ff33b.nxcli.io/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 076311f8-a01b-4389-a5eb-334a62e62d45.ttf
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 0
0 137ms
136ms Font
text/html 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/076311f8-a01b-4389-a5eb-334a62e62d45.ttf
Requested by: Host: 0b2d6ff33b.nxcli.io
URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash

Request headers

Referer: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/staticasset4.css
Origin: https://0b2d6ff33b.nxcli.io
Accept-Language: de-CH,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://0b2d6ff33b.nxcli.io/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 favicon.ico
0b2d6ff33b.nxcli.io/ramndie/assets/css/ 4 KB
1 KB 130ms
130ms Other
image/x-icon 165.84.217.34
FOURD-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.84.217.34 Byfleet, United Kingdom, ASN31463 (FOURD-AS, GB),
Reverse DNS: cloudhost-3464249.uk-south-2.nxcli.net
Software: nginx /
Resource Hash: 6de3d244cb663b977d0621f96db93337027c1ca5f6b7f46b8dd529e3879d1775

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://0b2d6ff33b.nxcli.io/ramndie/?token=
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 22 Apr 2024 13:46:30 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 20 Apr 2024 18:38:11 GMT
server: nginx
etag: "e36-6168b81a58f1f-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
x-cache-nxaccel: STALE
content-type: image/x-icon
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1391
expires: Tue, 22 Apr 2025 13:44:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swiss Post (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://0b2d6ff33b.nxcli.io/ramndie/Paketetiketten%20Inland_files/GetPreviewImage Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://0b2d6ff33b.nxcli.io/vgkklp2/avgk/Standardprozess/GetPreviewImage Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/3fbbd6b1-cfa7-4ff0-97ea-af1b2c489f15.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://0b2d6ff33b.nxcli.io/ramndie/assets/css/076311f8-a01b-4389-a5eb-334a62e62d45.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0b2d6ff33b.nxcli.io
9faf020c97.nxcli.io
fonts.googleapis.com
fonts.post.ch
ow.ly
142.250.186.42
165.84.217.34
174.129.117.93
185.145.13.84
194.41.184.89
127f46d8e3c5e2ef9eea5a261168b1ac975bf01de34202d90a1c7fa87fb2cd41
16b0fcf0bd2c044a6574bd1a872767fef935296cef78fa1f098ef5b75005a74b
34de64f77ce8d8eb483e1aa9bfc3100b9638bd8100ae2e03d1ddbe382a8000c0
3664baae915287963f2635a6d61279ab1e78a0e98caf608759344fd776e98111
573cb54712eed54d3bf9b7b5af9aebb6adb188712eea6db23c7a668e7750e1a8
66b6c9e1ba15d338c47b8323a874a44f224a81d14a5d2c084359c6b4ca6a39fe
6de3d244cb663b977d0621f96db93337027c1ca5f6b7f46b8dd529e3879d1775
76b60da079c56afb9fb96f433b0fc0e36bced15e07699cb8579bff266f46c0f9
7a25dfc3218cf7e0d8ef931a8484e7c3ee5d849568e60c59659977b25eb71092
8d4350370980440d6ac166ea9c802fa09560f172e9a097d38451c083beffbaeb
9078f5be6100c40ba61e6c1d3f11a15383d11faf5675410e940d83501bc7d769
974ab73c257f54ad5a7cd4ccf390c61e2ca22b9b6706ff4880ad900a1a2bbc9e
aa3e42cd825bf41478a7ddbf8db133fdaa717b60c03de17b8b00b277c84f0820
b000a4932233e8f87294c07aaf6173088e549c588e4d968cd9889a28efe821f1
b1d8e73aeaca62e519b792ade3c0400821a86647bb75095a1367ae0301af807d
c2b5cac2721aba603b07e013299762a4365ded7b452eaf01b357a69ac4ee5892
c6e2e510fb8ca2cf90e44ed06b7cb2655c4459cefa6278803254f6449642f542
dc645ddffd4b66feb1f5be4d4c661a9ab2e9be2a26c4a08b376ab68d9025dcd9
dceea27395ed1b2ab536cc460a7b398429d88232a11cea81458db125457a2b1c
e75bddbbe19539b3c7f745fb74948378df59ae6f12c85c72928f73e110ab4bde
f0cc503406af0014db4fda7ee45b3c5a50d694813631e99666c0e244d608ea01
fa4f0aed1d0ec5764d186315819d7d80651bf620bc6378a9745701ad501a4984

0b2d6ff33b.nxcli.io Open in urlscan Pro 165.84.217.34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

3 IPs

3 Countries

471 kBTransfer

2569 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

0b2d6ff33b.nxcli.io Open in urlscan Pro
165.84.217.34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

3
IPs

3
Countries

471 kB
Transfer

2569 kB
Size

0
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!