|
|
r3.o.lencr.org/ |
 23.36.76.226 |
200 OK |
503 |
-
-
IP
23.36.76.226:0
-
ASN
#20940 Akamai International B.V.
-
-
-
-
Hash
0643dc6b6fed33b3537160b6bb77bcbf
aa43bd1fbb30d2219f3285c1ee4991ffb33562c5
f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
-
-
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2313
Expires: Mon, 16 Jan 2023 21:57:26 GMT
Date: Mon, 16 Jan 2023 21:18:53 GMT
Connection: keep-alive
-
|
|
|
|
r3.o.lencr.org/ |
23.36.76.226 |
200 OK |
503 |
-
-
IP
23.36.76.226:0
-
ASN
#20940 Akamai International B.V.
-
-
-
-
Hash
2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
-
-
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7898
Expires: Mon, 16 Jan 2023 23:30:31 GMT
Date: Mon, 16 Jan 2023 21:18:53 GMT
Connection: keep-alive
-
|
|
|
|
firefox.settings.services.mozilla.com/v1/ |
 35.241.9.150 |
200 OK |
939 |
-
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
-
IP
35.241.9.150:0
-
-
-
-
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
-
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
-
-
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 16 Jan 2023 20:49:11 GMT
content-type: application/json
age: 1782
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
r3.o.lencr.org/ |
23.36.76.226 |
200 OK |
503 |
-
-
IP
23.36.76.226:0
-
ASN
#20940 Akamai International B.V.
-
-
-
-
Hash
f7bd85a261739c122eefb74ffddaec99
e2e059b0740592e8591d432249aafe5fcb8af23c
71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd
-
-
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3728
Expires: Mon, 16 Jan 2023 22:21:01 GMT
Date: Mon, 16 Jan 2023 21:18:53 GMT
Connection: keep-alive
-
|
|
|
|
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain |
34.160.144.191 |
200 OK |
5348 |
-
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
-
IP
34.160.144.191:0
-
-
-
-
Magic
PEM certificate\012- , ASCII text
-
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
-
-
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
x-amz-id-2: u/wWRDfa0+GGHOOLmnDikpNdMChCxR08IWT38y4piUD5xFJ6a09niKIcnqD1LezGEu8tmBU/B9s=
x-amz-request-id: Z729Y51MWWY6V03N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 16 Jan 2023 20:44:43 GMT
age: 2051
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
contile.services.mozilla.com/v1/tiles |
34.117.237.239 |
200 OK |
12 |
-
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
-
IP
34.117.237.239:0
-
-
-
-
Magic
JSON data\012- , ASCII text, with no line terminators
-
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
-
-
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 21:18:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
nitro.neeve.co/ |
 104.21.60.79 |
200 OK |
69742 |
-
-
IP
104.21.60.79:0
-
-
-
-
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (355)
-
Hash
8897c1f13957259cae3954f63468c4d5
7f08deb699871ceff9c16523300d4827616ac6b1
4d96b19d45a5e27061317efd4e074cb52ea30dfc5bd85372014911c6463883af
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET / HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:52:11 GMT
Vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owduRJtMZj%2Fk%2Fo72esZNX5nZrjWUHqrbQdhiusURJbAFnL7FkF8rwRVaJWaw3cdvUQEBT6eJK%2BFN0lOw4rj5GKCj959UkaYyug%2B5HCMViTIqr70a7wDSdqpBC%2BD05p7Xlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e21890b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
-
|
|
|
|
ocsp.pki.goog/gts1c3 |
142.250.74.131 |
200 OK |
471 |
-
-
IP
142.250.74.131:0
-
-
-
-
-
Hash
1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
-
-
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 21:18:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
-
|
|
|
|
ocsp.pki.goog/gts1c3 |
142.250.74.131 |
200 OK |
471 |
-
-
IP
142.250.74.131:0
-
-
-
-
-
Hash
1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
-
-
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 21:18:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/animate.min.css |
104.21.60.79 |
200 OK |
5270 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/animate.min.css
-
IP
104.21.60.79:0
-
-
-
-
Magic
ASCII text, with very long lines (65348)
-
Hash
ac23b5088eae379ce967c2f8da6b3b61
d3da9cc72f6de6b0b580b4b33bed74f2c0ecc750
177275b6f527e9c8482c5e4e6cc7e19d6575378292079185e0db4e0b82196d37
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/animate.min.css HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:54 GMT
Content-Type: text/css
Content-Length: 5270
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:05:12 GMT
ETag: "11846-5d72f3984ea00-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YufOzBxWk63Px5KZty08IuRscmFPTf5wlo6qScW5Cvptpt3y14Qzp40lKKTL0NXGb6278RDar8wodTkHpj0Wr0fNyhLGc4GgESpLlZFybAe5MBQyFVHeo6T34pPgxQP2kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e5cebbb4f1-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US |
35.241.9.150 |
200 OK |
329 |
-
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
-
IP
35.241.9.150:0
-
-
-
-
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
-
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
-
-
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 16 Jan 2023 21:17:25 GMT
age: 89
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/translateelement.css |
104.21.60.79 |
200 OK |
3655 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/translateelement.css
-
IP
104.21.60.79:0
-
-
-
-
Magic
ASCII text, with very long lines (18670)
-
Hash
8173435a3cfe101b14dfcc0e8affe3ad
2f269eca387685dced568ced06e6261851ce7913
1a3e0a254cd4dd96002919ba8e6d096fa23c42addbeb41a8c132639edf3124ef
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/translateelement.css HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:54 GMT
Content-Type: text/css
Content-Length: 3655
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:05:12 GMT
ETag: "4924-5d72f3984ea00-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYu3YkTKeXyLxKKrB8bfbKXJcsBhd6orVPzFjxgwZx3J0Z1DU2SKNaadNq5141r71gIh2a%2BL7Habfo36zFRkhZQte3pTmfjxLQNZcwHNXee1mk8aNpYkIx%2BUSEHzudA47g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e62e1ab51e-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
ocsp.digicert.com/ |
 93.184.220.29 |
200 OK |
471 |
-
-
IP
93.184.220.29:0
-
-
-
-
-
Hash
d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123
-
-
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3261
Cache-Control: max-age=132140
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 21:18:54 GMT
Etag: "63c513ad-1d7"
Expires: Wed, 18 Jan 2023 10:01:14 GMT
Last-Modified: Mon, 16 Jan 2023 09:06:53 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/0.1fafb1729b3e11fa547c.css |
104.21.60.79 |
200 OK |
53859 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/0.1fafb1729b3e11fa547c.css
-
IP
104.21.60.79:0
-
-
-
-
Magic
ASCII text, with very long lines (16985)
-
Hash
c6ee4557a2acc5eec60a5c098cedd333
e016e6edd60ba9649a1bbb8280d0c1fd07a16390
ca2e68b5f3e9d79dc048fdbcfbefa9d4a7262b90227ef69d90c2a74fee83fb20
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/0.1fafb1729b3e11fa547c.css HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:05:12 GMT
ETag: "45795-5d72f3984ea00-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1BE2UlujRgwkW7%2Bjhnqh0YagOJWNpLDIJdua2d4h%2FmK7DrAj4xwoGUHaY8xXkKtjHGqSg0Qiz6F%2BzrljQt81h9BY9YB06AtBvCm9U8JCqQ30fFdrydIF%2FOpwtUEdRFgNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e5c9abb50f-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
push.services.mozilla.com/ |
44.228.1.109 |
101 Switching Protocols |
0 |
-
URL
HTTP/1.1
push.services.mozilla.com/
-
IP
44.228.1.109:0
-
-
-
-
-
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-
-
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +e5THtyLUQUiGN8WNsgqHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
-
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DgRj4fGPZq7oJMkcQkRhtsPWAT8=
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/22.png |
104.21.60.79 |
200 OK |
12692 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/22.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 145 x 111, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
b37a8eaa659eda8fc9528bda4bb0ac0a
bc6bd317402590687dc27ffd2b9a23a534eacfe9
2994c443671b189ed7fd5a793d221aebe744539d4f4eec6a2ed730af2c535145
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/22.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:55 GMT
Content-Type: image/png
Content-Length: 12692
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 12:53:58 GMT
ETag: "3194-5d730be7fc580"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zw7I8sM1RLtpn0Fl1TAVB0If%2FokZMymNK2CNhaykc9jeP8mKRbYy6dBNE9tgGWPMrmCkR8aQ3ImbYXaspwvH1Dt2DHs9DG58pqK70b3btzc%2FVQDiH6a8XVgI6%2BiNz0t2MA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2e9bad7b51e-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/11.png |
104.21.60.79 |
200 OK |
6224 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/11.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 177 x 97, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
34b9b394dae1f7a16d917844843d46d3
8188ef48ec48600bc17bb25dad8496c736a44e73
2c8813900377de00eb7eb46da030bc732fa7f2a627d2d8e4875a40ce2fbbba0e
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/11.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:55 GMT
Content-Type: image/png
Content-Length: 6224
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 12:49:44 GMT
ETag: "1850-5d730af5c0a00"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XG8GEi%2F9xrDrYvJChUsAetulG%2F8sPmGC3aEnQ19HAGQiOKSGUxkph2w%2B2mQqp3M6DT6PKXEhyd1ABg%2BJcwBCTVdlAtSGikGWgI1dd0%2BnjKosy8GoOTJiShHRlLple7Wc1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2e9bb97b515-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/44.png |
104.21.60.79 |
200 OK |
19423 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/44.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 193 x 113, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
90eef639e61460511129c2b40cbb0dc4
6f0af640d7a0b30f6ea3d839d6ba7e2a504a63f9
4ff7dd7f0c62cda8057bfb3809210f6586de455d3b34ec5300e28f143d58d9b0
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/44.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:55 GMT
Content-Type: image/png
Content-Length: 19423
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 12:56:20 GMT
ETag: "4bdf-5d730c6f68500"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9D802YhOTOuRUeECTAR%2BSU0uJyu5pFn4mc3yTYOoZrTEKPSH7P5%2F9T0AgHvz3LFvA%2BCcHhqhstagS2hTX6utORVWB3KHMfbvA7Uoq2e2ATml%2B3pyTZZ%2FS0dTBo4oWjXNCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2e9bedfb50f-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/3bdef1251a424500c1b3a78dea9b7e57.woff |
104.21.60.79 |
200 OK |
114843 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/3bdef1251a424500c1b3a78dea9b7e57.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
Web Open Font Format, TrueType, length 76783, version 11128.2\012- data
-
Hash
62515e49f46a4329a07bb18034c2270f
a358a839ce1c19c03e038cf8c138631b8d4c3746
64cbc8b9ad3b034271ee06632f40f379fda6782a0332a88f3ab1c2da3db0d706
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/3bdef1251a424500c1b3a78dea9b7e57.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:56 GMT
Content-Type: font/woff
Content-Length: 114843
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:33:04 GMT
ETag: "1c09b-5d7314a54e400"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtWPpSle7z%2BsKikr5geFAF%2FomcKtH0gTxrQJqbmTAEB8%2Bh%2BDxQsirXupihyGMb1tWPqGlyzs1eRr6HWebe4d9t%2Fq%2B7pD5NJLN%2BZmfzrKWdaXgixuBT5rXRkfVTTEdjJIMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2ebbe0cb515-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
r3.o.lencr.org/ |
23.36.76.226 |
200 OK |
503 |
-
-
IP
23.36.76.226:0
-
ASN
#20940 Akamai International B.V.
-
-
-
-
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
-
-
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14988
Expires: Tue, 17 Jan 2023 01:28:44 GMT
Date: Mon, 16 Jan 2023 21:18:56 GMT
Connection: keep-alive
-
|
|
|
|
r3.o.lencr.org/ |
23.36.76.226 |
200 OK |
503 |
-
-
IP
23.36.76.226:0
-
ASN
#20940 Akamai International B.V.
-
-
-
-
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
-
-
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14988
Expires: Tue, 17 Jan 2023 01:28:44 GMT
Date: Mon, 16 Jan 2023 21:18:56 GMT
Connection: keep-alive
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/be0060dafb7a0e31d2a1ca17c0708636.woff |
104.21.60.79 |
200 OK |
121930 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/be0060dafb7a0e31d2a1ca17c0708636.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
Web Open Font Format, TrueType, length 82688, version -16451.2\012- data
-
Hash
56aafd7bdfa0c7228372f9776ed7a291
a202b9da8d6b33a93837e9f6c45cdfdd19726460
3712004f3bb70c91347f4a6210c033319126872fe3f9136091fca19d8163e636
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/be0060dafb7a0e31d2a1ca17c0708636.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:56 GMT
Content-Type: font/woff
Content-Length: 121930
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:33:04 GMT
ETag: "1dc4a-5d7314a54e400"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqeFIPMe5CnsBdexFtkCkiqm%2FBzMneUKNdXfjGz6k0w9enSC8bhkZuILk1fI%2B98rsm%2B2f%2FnfZOUUejggmvwOYYCl0h%2FHuagXVdMZ1nCrDY3xG05%2BicTbb3jtBPtiAW933g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2ebad83b51e-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg |
34.120.237.76 |
200 OK |
9176 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
ad1a79b09348c4959a8ac05513efcb78
10c0a66add63c868ff332022f588e65f4ac1ec15
8a123746389e6b480669b8d6882f7edce290f1c226cd6744e23bac94b8de6d32
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 9176
x-amzn-requestid: 1d5746ff-7de6-4a54-87d2-d15330d1bb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etlL8HiPoAMFrIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21be5-044d012445cf23c01cb07a89;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:05:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pfjURj_jUMCbuxIL46hNNw6BeY4YX4TDo-9Ch6R5y3CuWTyt1r3ttw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 03:52:01 GMT
age: 62815
etag: "10c0a66add63c868ff332022f588e65f4ac1ec15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg |
34.120.237.76 |
200 OK |
5766 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
542f87ebb35e170451b610e4b700bcb1
2259cdebacc4c9f07aad838eec494863d4273ad1
85001f2cf33f3fc98d4cdcc7aef38611e34aea3a791d8acb0a5946c4619398eb
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 5766
x-amzn-requestid: b6a8d7ee-ff35-4720-8d2e-ba2b8db6edfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbP4GDQIAMFTSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c47265-6022a62f69d8f938458d18a0;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YcIDYSEtEIIfGauNxD9V1tuSCAPDq9OaaAATRTOC3Sjlb-72IA0ScQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:06:50 GMT
age: 83526
etag: "2259cdebacc4c9f07aad838eec494863d4273ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg |
34.120.237.76 |
200 OK |
9801 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
74ac30be02dee9dcfeee79a7dc54edff
1368d81de22ea2e4054a3e1a8f01ef337c63e35b
8abc2f276906dfb9ce75c2526d2c2cfa6aea6dbe13f4046de1040cd611cbbc1f
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 9801
x-amzn-requestid: 39d84a20-55f7-4b7c-abc4-9ac1ff100da9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqSkoGCZoAMF1zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0caea-4f7a1cf676335cc83018dc51;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 03:07:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n-uzZFYeVcR7YP4lVhGVKFmINHUwd3kNcJIAJiRJW5maf_MqufqU8g==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 05:42:23 GMT
age: 56193
etag: "1368d81de22ea2e4054a3e1a8f01ef337c63e35b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg |
34.120.237.76 |
200 OK |
6273 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
a7917592de9f2ddbe7d3a7fa7f3d4d62
866b04ce93a30369d7cb0a6d2155a8b10292507f
da58e1798bf0fcbfe771420a66bbf671cc84e0ca429e076fdc70bb8d73cddb18
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 6273
x-amzn-requestid: f5d21802-91ea-44cc-aeb2-8ec9af07e1a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbOyFwNIAMFZsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4725e-3028350e72b2ee7b6ae44f2c;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8ggqVFvybykQ-MJzU9H_L6JS9YqmLGsuaMJ34Qy7o6yoMOJOmvYsMA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 21:53:09 GMT
age: 84347
etag: "866b04ce93a30369d7cb0a6d2155a8b10292507f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg |
34.120.237.76 |
200 OK |
11285 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
91a664271b9042ab5a34c1259df6ab93
7ce177939ceed31dbe137996cace3f71eaab3cf4
08b872b4c8dc8d4b5e26d7c5e7985c144dcf45623737e6daf7813b2add8ab013
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 11285
x-amzn-requestid: 46c0b124-5916-4067-99af-2fa9812dfb2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ev-1zHc4oAMFV6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c311be-3ffbee9348f4351459ed0099;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 20:34:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8FcfGYx-mcEZzF4IoADT5iGnf0vTk2cACE4nseVdonXHBXOSno9vQw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 04:42:49 GMT
age: 59767
etag: "7ce177939ceed31dbe137996cace3f71eaab3cf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg |
34.120.237.76 |
200 OK |
7986 |
-
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg
-
IP
34.120.237.76:0
-
-
-
-
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
-
Hash
0c1d929710bbf5d3a500cff064fa28e5
f76fade4eba5e5740d1261a2bce7776719ee477f
bb0b45ede28406534c236881abe011a1b8162a1bcb4cbe61320c613fec5d0010
-
-
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
-
HTTP/2 200 OK
server: nginx
content-length: 7986
x-amzn-requestid: 366be46e-97f4-4bdc-8341-5bf87438ad86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbPvEezoAMF6ng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c47264-7eef208b3ec703b82d792537;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _cMoPRYYqsc6B6TWFkmrfDMCleAW2jWn5FXGmjay279Bf3tppH60hQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:04:21 GMT
age: 83675
etag: "f76fade4eba5e5740d1261a2bce7776719ee477f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/d1f837b34217a6e22085262c73e5e9d2.webm |
104.21.60.79 |
206 Partial Content |
1461670 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/d1f837b34217a6e22085262c73e5e9d2.webm
-
IP
104.21.60.79:0
-
-
-
-
Magic
WebM\012- EBML file, creator webmB\20\012- data
-
Hash
d1f837b34217a6e22085262c73e5e9d2
6411c11445af0e487212c4e2acacdfb2561cdd47
438c7a08d68750935d5724bec09bbbff9d7ce5d944b33cdc8acf956a953a6057
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/d1f837b34217a6e22085262c73e5e9d2.webm HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 206 Partial Content
Date: Mon, 16 Jan 2023 21:18:55 GMT
Content-Type: video/webm
Content-Length: 1461670
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:15:02 GMT
ETag: "164da6-5d72f5caf9980"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Content-Range: bytes 0-1461669/1461670
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKRMKalk4kLOyuh0OFojzuGr%2FTDD62cLTBpJNdhEqhcBFICPXrOdiMGtPU%2BL9BW9FygxOYJ5kIniXznYlLj3HNPdcmnLIJPXXcbG1LofjpH1iTHGLHLGk6mLyn09WAXbEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e9bb9fb4f1-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/assets/3bdef1251a424500c1b3a78dea9b7e57.woff |
104.21.60.79 |
404 Not Found |
276 |
-
URL
HTTP/1.1
nitro.neeve.co/assets/3bdef1251a424500c1b3a78dea9b7e57.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
-
Hash
8ef6a3ea52da10a26fe455df52a0dd85
867b2065e688a69c989900743b857767fe95c913
e5a07648827ebf8c200ccaa0a35873504f118342560ef8be6036a95c22311667
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /assets/3bdef1251a424500c1b3a78dea9b7e57.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/steam_nitro_files/0.1fafb1729b3e11fa547c.css
-
HTTP/1.1 404 Not Found
Date: Mon, 16 Jan 2023 21:18:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vV7cBEwdEmc0Ov%2Fr6x8oOpnOZDLXwORAGm78E5mrSUckCXJpEUGAQXryUazrqC4yEHQlD%2FvIA%2F6ZirSqze7EzKvWmHP270QJNFCHadSF0cVjOXKgkzmtAeceup8mEU8bRA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f30fa1b51e-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/e8acd7d9bf6207f99350ca9f9e23b168.woff |
104.21.60.79 |
200 OK |
115574 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/e8acd7d9bf6207f99350ca9f9e23b168.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
Web Open Font Format, TrueType, length 77807, version 12271.-16451\012- data
-
Hash
c938bc77012bfe77de522e38aae462b8
f16071336bd0eb62c4466d12f92ea82ad36ffb33
484f6a3ae8c43c58cf69b78c0216a7644425ac615514a7348693b79312838abb
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/e8acd7d9bf6207f99350ca9f9e23b168.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:57 GMT
Content-Type: font/woff
Content-Length: 115574
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:33:04 GMT
ETag: "1c376-5d7314a54e400"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gR%2BGqLkxr56Q5PcXo3GnQbkDmKy4WGUmUyQvzcqQ6u6tNUctjkHQYO1lRjPzDd7vP1NNNsUgGibZwJ%2BY3MwGso8jU0YfrcEhD2GQU9eqtjoOBxS5Va0EseMeo%2BW4yGbWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2ec7aa2b50f-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2 |
104.21.60.79 |
200 OK |
104325 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2
-
IP
104.21.60.79:0
-
-
-
-
Magic
Web Open Font Format (Version 2), TrueType, length 61375, version 0.-4161\012- data
-
Hash
8a2e5f64b34caf11188c0b7e1c1ec7c0
1c39ce099eb3df3c2d32c4a67092a92a35ff7725
2c24a844d74f9ce6a2052f54f65b1792b4cbabc91387c13039d35ce0a6861bb6
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2 HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:57 GMT
Content-Type: font/woff2
Content-Length: 104325
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:33:04 GMT
ETag: "19785-5d7314a54e400"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H99JSoGqQ6mFa%2F4HH8o1ka8ySBwNM3mQnfrvReP9OBW%2F7r1l5g5M4dzGAFYQ%2BAznHIoCfbPcdWmaj%2FS77Viap3qBdjNaLBv8zw0vlk5gCBftnjsHdkqx0uqB%2BZm5w9qTvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2ed79f91c02-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/fire.webm |
104.21.60.79 |
206 Partial Content |
1130867 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/fire.webm
-
IP
104.21.60.79:0
-
-
-
-
Magic
WebM\012- EBML file, creator webmB\20\012- data
-
Hash
a126260cc2f646b0f7587cb06fccfe78
2c3b1ca336282049cccae0064d7b4e6c8677d8f4
2fdb9fc92e7bab92f622ff7a9da472fd702983b5f806c8bcb2bd884266cb583f
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /steam_nitro_files/fire.webm HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 206 Partial Content
Date: Mon, 16 Jan 2023 21:18:55 GMT
Content-Type: video/webm
Content-Length: 1130867
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:36:38 GMT
ETag: "114173-5d72fa9eefd80"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Content-Range: bytes 0-1130866/1130867
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwgxX37m8urWwVqktu%2BIlOBQ%2FQlvAOrbu7bg37ph%2FK%2FPOaOBWl%2FH23ZlFLyHbZBLobikLz1ppn1XdRP8dvG4j0TCaKqhMCH2266%2BR5KnFFN6XsvQRU8DRNEV0JM7MMEkTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a9e2e9bd610b55-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/pisscord.png |
104.21.60.79 |
200 OK |
3370 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/pisscord.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 153 x 44, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
726a4c17b00ae84c0348e8908b81b395
499cb0a2cb9271ff99e9bd6bef662cf1912642dc
311d196aed1caf945681745e6c6684a90a2fcc2bd2b3344b6b581c7a6d44edae
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/pisscord.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:57 GMT
Content-Type: image/png
Content-Length: 3370
Connection: keep-alive
Last-Modified: Thu, 06 Jan 2022 16:53:58 GMT
ETag: "d2a-5d4ecb7687580"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FbXHdgoXQTio3zZCuV0W6ezZb%2FWXMHuwxmtjvhEhxNbFKznM161Xi%2Bf0uNl5izpNh8gaOoJB4gw043pNuUXcGgj9iqDfR42jou%2FtAX7KRkYExt8knEe7noEfvLvygbTF4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f13cd3b515-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/assets/be0060dafb7a0e31d2a1ca17c0708636.woff |
104.21.60.79 |
404 Not Found |
276 |
-
URL
HTTP/1.1
nitro.neeve.co/assets/be0060dafb7a0e31d2a1ca17c0708636.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
-
Hash
8ef6a3ea52da10a26fe455df52a0dd85
867b2065e688a69c989900743b857767fe95c913
e5a07648827ebf8c200ccaa0a35873504f118342560ef8be6036a95c22311667
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /assets/be0060dafb7a0e31d2a1ca17c0708636.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/steam_nitro_files/0.1fafb1729b3e11fa547c.css
-
HTTP/1.1 404 Not Found
Date: Mon, 16 Jan 2023 21:18:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BX0yXLUkuGm%2FIEdk5e7reP%2FpFBCVoQs2daDWtH2w9V6RZMB7qmDzpJ8tfLuFgy7yJBmHvgvi0GmNmTpuZ1DZOBVHPd5MvDRNW6n97R4yEVEL0k9qnTZzB5Enz7lDNYkwg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f3fa37b4f1-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/66.png |
104.21.60.79 |
200 OK |
9802 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/66.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 193 x 113, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
0080cb9395b64f186e6ee35b51ef8fa4
68f7f30ce3afc9cf12b3e17da06cd410b8deca9d
90135af37e351433866e62b0935231adb27d0125dde6ed7eb46eed7c453a3510
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/66.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:57 GMT
Content-Type: image/png
Content-Length: 9802
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:18:58 GMT
ETag: "264a-5d73117e7f480"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8D31xPdi9%2BEyKSvsQ2Hc3JkEyCX%2FEKmrgDgiWNraF7feHyX%2BfknYXPgFE%2B%2FZNZ%2FcwMqkvf%2F3yNRyiOhuTfVoJoLNB60Qkv694VxVhQJlheh7rWciWkfVkJLQnD6amhuSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f7794eb50f-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/nitro.png |
104.21.60.79 |
200 OK |
18944 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/nitro.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 300 x 122, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
4ceaafeb227310eb19caba4aa60d86ce
e95ab7c2e34bfac3eb073120d9a58ea514c509f8
d458388f67bfc91fd4bd321f0a3065c50965572c95a45363bb08c4d8842bd1f7
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/nitro.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:58 GMT
Content-Type: image/png
Content-Length: 18944
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:13:34 GMT
ETag: "4a00-5d73104981b80"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8nPXK1hUSZTU68nr2FxdiI%2FFio1KlOKb39qnEeS7bklMbgE83i1pD0ytMmpp850q4GEeTlgCXalyxbqe3jrQYOwXmTrXwnKBD31laPOPbuUiVT3GuGzu%2BWBNjap%2FWSu9vA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2fb0af9b4f1-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/neko-neco.gif |
104.21.60.79 |
200 OK |
241737 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/neko-neco.gif
-
IP
104.21.60.79:0
-
-
-
-
Magic
GIF image data, version 89a, 192 x 161\012- data
-
Hash
7a0ea0353b369a871e224b42c80e03b6
8e6b1fa42dbea1113fc44ba73c9f88bb5372fad5
c492e982894e405d129b700d68f6aff9b48b878287682dfb7d6058853eb71c9e
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/neko-neco.gif HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:58 GMT
Content-Type: image/gif
Content-Length: 241737
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 13:07:34 GMT
ETag: "3b049-5d730ef22f180"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zepx48dXm%2FI8fB6%2BoTWqyZEKuUtJ0I7zTKixMz6jg6M%2BYKkc4QtTNA6yuW0VLoH%2F42SsbgYSWJ353xXKuWGuDZoWW%2B5Tg12afrr7V8ePr%2BNavscE3%2Bsl22KlD0to0hLvLg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f3f8f4b51e-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/e6d6b255259ac878d00819a9555072ad.png |
104.21.60.79 |
200 OK |
288 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/e6d6b255259ac878d00819a9555072ad.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 70 x 47, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
e6d6b255259ac878d00819a9555072ad
6beb12d36acbad79743495aef581891a1ff4f5f5
21d34772ed80c8be7ab9e7338498bdfe2f66c77b61542cc48e103fd77ecd7f60
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/e6d6b255259ac878d00819a9555072ad.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:58 GMT
Content-Type: image/png
Content-Length: 288
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:05:14 GMT
ETag: "120-5d72f39a36e80"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9%2FIZKoT%2FrjbZE%2BYTyGrXwkwzFldocCyAgNazap2%2BqcAVPqcmvkeYtwBNdt%2FSKTHF09rGoGn3%2BwcH5THY%2BdyVP1SFhSE7YDnu7Uxhkwq210itE036H8CpyPV9lofcYkIKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2f78c4b1c02-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff |
104.21.60.79 |
404 Not Found |
276 |
-
URL
HTTP/1.1
nitro.neeve.co/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff
-
IP
104.21.60.79:0
-
-
-
-
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
-
Hash
8ef6a3ea52da10a26fe455df52a0dd85
867b2065e688a69c989900743b857767fe95c913
e5a07648827ebf8c200ccaa0a35873504f118342560ef8be6036a95c22311667
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
| fortinet |
Phishing |
|
-
GET /assets/e8acd7d9bf6207f99350ca9f9e23b168.woff HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nitro.neeve.co/steam_nitro_files/0.1fafb1729b3e11fa547c.css
-
HTTP/1.1 404 Not Found
Date: Mon, 16 Jan 2023 21:18:58 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hzwy3Z1RQ7sRe257U0QRxnzyGZnkomk7aCjMkF7s6w3Ck3GfXt1fdcDgI1IPeXKgkFAy6DlO5qLJ1ZD6AzJM5HMc01D%2B9pmlM1%2FxEImx1nKRFpJqUNZNw4avOkMr1CAn2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2fb09e2b515-OSL
alt-svc: h2=":443"; ma=60
-
|
|
|
|
nitro.neeve.co/steam_nitro_files/33.png |
104.21.60.79 |
200 OK |
5006 |
-
URL
HTTP/1.1
nitro.neeve.co/steam_nitro_files/33.png
-
IP
104.21.60.79:0
-
-
-
-
Magic
PNG image data, 193 x 113, 8-bit/color RGBA, non-interlaced\012- data
-
Hash
b95b182cbb45def7e9d738a6b1cb7f52
0108ef451205142b295649426db473843bb5857e
7a0e9b77119af13449fe59ded26ab577de8b03d1aaaded707f1b79ed0e26ed6c
-
| Analyzer |
Verdict |
Alert |
| openphish |
Discord |
|
| phishtank |
Other |
|
-
GET /steam_nitro_files/33.png HTTP/1.1
Host: nitro.neeve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nitro.neeve.co/
-
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 21:18:58 GMT
Content-Type: image/png
Content-Length: 5006
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 11:05:14 GMT
ETag: "138e-5d72f39a36e80"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rOJzX1KNUSZL%2BjOaFjNlJxhvuEQPjCMjzP2MwBOh6kCh6Zz28ILqcTEpb5w7WLzInqxUyjImYFbqJFsFRr9uUSTp%2FMHvTmsbG8cL9xfjae96gEsWb%2F865Zuy6HSvmq17AA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9e2fb0e02b50f-OSL
alt-svc: h2=":443"; ma=60
-
|
|
![URL nitro.neeve.co/steam_nitro_files/22.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2f22.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/11.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2f11.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/44.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2f44.png"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg"){kind=link}
![URL img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg](/search?q=http.url.addr:"img-getpocket.cdn.mozilla.net%2f296x148%2ffilters%3aformat%28jpeg%29%3aquality%2860%29%3ano_upscale%28%29%3astrip_exif%28%29%2fhttps%253A%252F%252Fs3.amazonaws.com%252Fpocket-curatedcorpusapi-prod-images%252Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/pisscord.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2fpisscord.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/66.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2f66.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/nitro.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2fnitro.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/neko-neco.gif](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2fneko-neco.gif"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/e6d6b255259ac878d00819a9555072ad.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2fe6d6b255259ac878d00819a9555072ad.png"){kind=link}
![URL nitro.neeve.co/steam_nitro_files/33.png](/search?q=http.url.addr:"nitro.neeve.co%2fsteam_nitro_files%2f33.png"){kind=link}