Report - tokenlogger.zip

Report Overview

Submitted URL
tokenlogger.zip
IP
172.67.175.24
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 23:13:17
Access
public
Website Title
Home | nest.rip
Final URL
nest.rip/?ref=viewer
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.nest.rip	unknown	2022-01-26	2022-07-20	2024-04-15	5.5 kB	7.4 MB	188.114.97.1
tokenlogger.zip	unknown	2023-07-10	2023-07-10	2023-10-18	470 B	589 B	172.67.175.24
o1377474.ingest.sentry.io	unknown	2012-04-07	2023-07-11	2024-01-27	607 B	518 B	34.120.195.249
nest.rip	unknown	unknown	2022-02-12	2024-03-23	1.3 kB	485 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed
2024-04-25	medium	nest.rip	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	nest.rip/_next/static/chunks/3151-45d3dc4ef1d6d1cc.js	30 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/chunks/3151-45d3dc4ef1d6d1cc.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:37 Times Seen4 Hash 44be2fdcddc91771de6fe436cb526ac2 b0ffaa7a30dc22f880b1676d2008d5ed9ed9b2d5 e79dbdcb7ece0664249509a55c891ae9b146774a5218aa57985eb46778dc88fd Loading...

	nest.rip/_next/static/chunks/pages/index-f00673a69fd8e1aa.js	6.2 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/chunks/pages/index-f00673a69fd8e1aa.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:38 Times Seen5 Hash e20a1b33176efe454fd9413a91ca3012 cf0d728e51bc9a9798bf28b900989dad2c83434b d3c5fb1e8567f0f92c12a133161251b1c5e18b2ce1b98e5f550e38f4c3193d0a Loading...

	nest.rip/_next/static/chunks/webpack-d5182cb0ee7ca713.js	5.9 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/chunks/webpack-d5182cb0ee7ca713.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:37 Times Seen4 Hash 74ff0c81a6e026b5b6f64ab2f6b222d5 ce07a0d5ddadec8b2df45ef9339c4901d758cc8e 09fe282fe5618037756e54f953264182b46ee0a8cbc8e797d37674a46fe5f11c Loading...

	nest.rip/_next/static/chunks/main-84820d2644612ea9.js	109 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/chunks/main-84820d2644612ea9.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:38 Times Seen5 Hash b257acb41d52390cfcde9125882da05e 802146d57f116c1e663054f294efe2fa657ccd47 a9519209117c7dc0cd7cdf90714a1c2fcc194c7c1185b9e9ceb42ea2c26c9f13 Loading...

	nest.rip/_next/static/rK_eH3QvswHtsP61LIIPb/_buildManifest.js	3.9 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/rK_eH3QvswHtsP61LIIPb/_buildManifest.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:37 Times Seen3 Hash 78ee8cdcea7773dc03d18c65f58ec0f1 118e1388c91fbf83784421c1a6e690a762fbf7f6 ef1ec2cdaeaa61a316766a37167c4c0b6757cf0f5a730ce35cfb6a6e242ca349 Loading...

	nest.rip/_next/static/rK_eH3QvswHtsP61LIIPb/_ssgManifest.js	77 B	2023-03-07	2024-05-05
Pretty URL nest.rip/_next/static/rK_eH3QvswHtsP61LIIPb/_ssgManifest.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-05 11:55:00 Times Seen85805 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	nest.rip/_next/static/chunks/framework-314c182fa7e2bf37.js	140 kB	2024-01-10	2024-05-03
Pretty URL nest.rip/_next/static/chunks/framework-314c182fa7e2bf37.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-10 10:50:52 Last Seen2024-05-03 00:22:38 Times Seen33 Hash 5bd298c20954c2772f8ad65ca27c4eae 72b0e21afa49c51796d11b630303514efa02c865 d3d2829d5775394638e8ba87d83bb5e42b77a5248aaf6b2ffbf0457e079f0be4 Loading...

	nest.rip/_next/static/chunks/pages/_app-5b4adf06232fc9cd.js	788 kB	2024-04-26	2024-05-03
Pretty URL nest.rip/_next/static/chunks/pages/_app-5b4adf06232fc9cd.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:13:19 Last Seen2024-05-03 00:22:38 Times Seen5 Hash 7e44f89b3d52b5b794ea28b76e572f9c 3f6ebd3e6adac67ec51a788ae9c946d65903eb5a 9e12f20071e30bea9a6d7faf35b2469773829ba6ff4459bdd8441bbec110473c Loading...

	nest.rip/_next/static/chunks/252f366e-e6ab085e72168946.js	2.0 kB	2023-07-23	2024-05-03
Pretty URL nest.rip/_next/static/chunks/252f366e-e6ab085e72168946.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-23 13:10:51 Last Seen2024-05-03 00:22:38 Times Seen5 Hash 6e0a40b701e73d4495fc18ce2af0c25a 6a9cccf1a6e0bd4137145a56f807a62acabacd8d 7d872d6bcd155302364744fad114a238211d708689020c7aa78fded4049cd02d Loading...

HTTP Transactions (17)

URL IP Response Size

tokenlogger.zip/

172.67.175.24

0 B

URL
tokenlogger.zip/
IP
172.67.175.24:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: tokenlogger.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 25 Apr 2024 23:12:50 GMT
content-length: 0
location: https://nest.rip/?ref=viewer
x-cache-status: MISS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NiMVb0JNfmu%2FbTSYFjBEm0pykY%2BSFD3SOivbreXlMELaw0Dmh0waX%2Bacjg0CuYXTrQhZQ0FjbKMe97ktWbLti37werGkuNdVwpTanZdhtx5JBlj9WLcbDGu%2BedQPr8Rqwbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2052baf43b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o1377474.ingest.sentry.io/api/6716465/envelope/?sentry_key=d1b0aef14a634ea48678ded634fc3103&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.86.0

34.120.195.249

2 B

URL
o1377474.ingest.sentry.io/api/6716465/envelope/?sentry_key=d1b0aef14a634ea48678ded634fc3103&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.86.0
IP
34.120.195.249:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/6716465/envelope/?sentry_key=d1b0aef14a634ea48678ded634fc3103&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.86.0 HTTP/1.1
Host: o1377474.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nest.rip/
Content-Type: text/plain;charset=UTF-8
Content-Length: 429
Origin: https://nest.rip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nest.rip/apple-touch-icon.png

188.114.97.1

1.6 kB

URL
nest.rip/apple-touch-icon.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
1.6 kB (1607 bytes)
Hash
c647b64982049b98716b0b868db6ee36
7c17e563226934db73b7072af903dde4f44a6a1c
4f8ed7ffc57e043e38685071d27fffcc567504bf47f7bedc7d77973388a6d013

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/?ref=viewer
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 1607
cache-control: public, max-age=0
last-modified: Sun, 04 Feb 2024 16:10:53 GMT
etag: W/"647-18d74e30de9"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IHjUG6yjuGQ%2BedWbdlyKkJpLHP1%2Fd8OFMF8JWGHRp31hK5eAACE15q%2BqBU1WIfnj1M6xVNB%2BhDKgLq8B3WI3bfwsKqT58WGXmfqyIHWh0ZGrJmdGsTnBTX2eLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a205316a0056c3-OSL
alt-svc: h3=":443"; ma=86400

nest.rip/favicon-16x16.png

188.114.97.1

271 B

URL
nest.rip/favicon-16x16.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Size
271 B (271 bytes)
Hash
81c32654b68b2a30004d4e0fca7272f7
64d7fd882612bc81387ae45b41d60a0c3116390d
14ef296d4813bf0015d77552aed18d146a8b84b8c208fed2a9394c986d3b381c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/?ref=viewer
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 271
cache-control: public, max-age=0
last-modified: Sun, 04 Feb 2024 16:10:53 GMT
etag: W/"10f-18d74e30ded"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpYqN1ipQqDpIoupgkQfzdbfCZRqfWgXWrbf26AT2%2FwWDbT%2BqGuWFXoJsTP7lI8f6VxaCqmp1iwAsPs5p25I5zGBo6MS9SLQlSpoL8gswcVKASylZAHm1AtUog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a205316a0156c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/66d80fea-cb4c-4b36-ab7b-056cc1822797.png

188.114.97.1

31 kB

URL
cdn.nest.rip/avatars/66d80fea-cb4c-4b36-ab7b-056cc1822797.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
31 kB (30734 bytes)
Hash
b709e245740fb840db9cd5cdd3602995
d8377ccaf2ded90bec922976f879c88d907efab9
ba879587a764bc8c5637c2280cc92e20adb86bcfef727a60994854c8515f7a6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/66d80fea-cb4c-4b36-ab7b-056cc1822797.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 30734
content-disposition: filename="avatar.png"
content-security-policy: block-all-mixed-content
etag: "b709e245740fb840db9cd5cdd3602995"
last-modified: Thu, 14 Jul 2022 17:36:53 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17BF0883B0C28B6D
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: 1c285b7a-bca6-41d9-b913-674f8fb824ec
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uHGsqrgUTch9oogX2%2FvNzcmHcE7uqaQqnI0sAa5dv60kuUeYFTUt482kkkK3%2FhaGD8dJ%2BQW4yuBfLMszDLHtDMWn5ZrXRKPptHqBICd8f7HzUhet0wtnTqvTNzu4z2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205322a5f56c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/24a2805c-f433-4531-9c17-53d078807656.png

188.114.97.1

2.9 kB

URL
cdn.nest.rip/avatars/24a2805c-f433-4531-9c17-53d078807656.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced
Size
2.9 kB (2872 bytes)
Hash
772aa709423494dba2e436c8df1fe643
c89753dd9d4eaca510eedac17cd0e485b8cca17f
6d34bedb72ec3f2dc15085747d365fbb3f34319d5b549a8776438b92853344b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/24a2805c-f433-4531-9c17-53d078807656.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 2872
content-disposition: filename="default_profile_400x400.png"
content-security-policy: block-all-mixed-content
etag: "772aa709423494dba2e436c8df1fe643"
last-modified: Mon, 03 Oct 2022 12:50:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B0B71238A40C46
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: f9ed1e55-789c-437f-bcd2-412fc16d78e8
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0D5t0V8cevKfi3yHh%2BpAnCtfm4qFtxJgQjO8dvmPq8wXzxggtqcBWyxD2ycdKDL8%2F116YsZmwjKzEivRNsg1YUNb7YB8XJfgJ45mxPtUq%2BJ0aEMeFTyHS4S9am2%2By0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205322a6156c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/98439ff6-7c76-4637-a046-971e1d21dde1.png

188.114.97.1

32 kB

URL
cdn.nest.rip/avatars/98439ff6-7c76-4637-a046-971e1d21dde1.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Size
32 kB (31609 bytes)
Hash
a31952ee54dc91c8b1f37831b2b92233
0e892163bd01072623145a5d089bdf9f5fc8d8eb
25f9381191306907079105428fe0fbd4814dd8f2687ee11fc4315a40175269c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/98439ff6-7c76-4637-a046-971e1d21dde1.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 31609
content-disposition: filename="avatar.png"
content-security-policy: block-all-mixed-content
etag: "a31952ee54dc91c8b1f37831b2b92233"
last-modified: Mon, 11 Dec 2023 09:17:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17C7BD381068CB7D
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: e83f2ecf-fc18-4a36-b735-2d9c69626d0f
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1GXMCcQHa0WvhXqnVIyHwOhneodq5blVrOLOjin9HnAujh8tiFn1GaKGxUdheug3oo90Gamxv3BzCdp5ekHJp%2BMDOtMJ%2Bhkw67JVAq8XrlBXdZ2EtR8wnDgnpG0vW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205322a6656c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/78309afe-e866-4a29-b5c3-5da0c1e0a586.png

188.114.97.1

25 kB

URL
cdn.nest.rip/avatars/78309afe-e866-4a29-b5c3-5da0c1e0a586.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 128 x 128
Size
25 kB (24949 bytes)
Hash
97df7f98d3bd8e15d415f21d9a275a85
8ab47011f4de3132cae7a2cb42a6d53f6739321a
a6c0136843c9f3092cb69f953a30e19d0f8f226805fa836c1f4277874429b27b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/78309afe-e866-4a29-b5c3-5da0c1e0a586.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/gif
content-length: 24949
content-disposition: filename="avatar.png"
content-security-policy: block-all-mixed-content
etag: "97df7f98d3bd8e15d415f21d9a275a85"
last-modified: Fri, 16 Feb 2024 03:06:25 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B438F5A0DE6AE1
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: e6220932-4896-4a76-b7b4-bdde1435f5ab
drive: SSD
x-cache-status: MISS
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08Fh7tAbZlJ7orTt5Q17r%2FhnNcOEns85VghOZrYI7qdp%2FdFf4stHz6y24MpIsKNMjP3FY0Wc0sA566BOlGRgkLOUQRvCsq2mNcb4C9nO%2FG6AvHGI8zQX7zEZOWg7b6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205322a6256c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/80436425-804b-4a3a-8b6d-1c983a57571e.jpg

188.114.97.1

46 kB

URL
cdn.nest.rip/avatars/80436425-804b-4a3a-8b6d-1c983a57571e.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x600, components 3
Size
46 kB (45922 bytes)
Hash
bc62455b6ecaad0ca9b9fea912824471
eb2c3043aa2900ce4ad193fbbd4d233ae8a52178
471c182ba6f8e88814fdd1e834ac91f28c0e1be88e63626efeae8f594ee48f9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/80436425-804b-4a3a-8b6d-1c983a57571e.jpg HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/jpeg
content-length: 45922
content-disposition: filename="channels4_profile.jpg"
content-security-policy: block-all-mixed-content
etag: "bc62455b6ecaad0ca9b9fea912824471"
last-modified: Sun, 19 Feb 2023 08:51:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B8711C9169F27A
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: 78549dd3-bf2b-4839-8dca-a67cade7ec21
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2Feho4DF35K7KgyFHVstQn1HjeLN6%2B3rMzB7P2XEWyyQxAaC1ksiMqQY6nlaRt6dFZ4rQu0FH2JIL0AEr7CxQQ75aQjvYCeFC879BgMY1pvww251yXdzagxLPU12L70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205323a6856c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/0681018c-3ea9-4fe8-a163-708e917c6ede.gif

188.114.97.1

2.1 MB

URL
cdn.nest.rip/avatars/0681018c-3ea9-4fe8-a163-708e917c6ede.gif
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 184 x 184
Size
2.1 MB (2093847 bytes)
Hash
0921b2c8a86c25dfef33c1ce4937e99d
e081bb44f8c79e9b5ae44d1be71aae559d7fcf88
37877ebf8aa0f72193c0efc2c0940da7ffe6cf0956716dbc414d95791c6e10ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/0681018c-3ea9-4fe8-a163-708e917c6ede.gif HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/gif
content-length: 2093847
content-disposition: filename="e081bb44f8c79e9b5ae44d1be71aae559d7fcf88.gif"
content-security-policy: block-all-mixed-content
etag: "0921b2c8a86c25dfef33c1ce4937e99d"
last-modified: Wed, 24 May 2023 15:06:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B129C7BB962675
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: d1b2b3e7-0f72-48d6-9b4f-08158331e440
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3%2B3DbI8PA9ShYHwrdo9uts0%2BotAi2p8d6Vhng%2BYsd6qIqfPgb8yNc6gL%2BCtk5XyJeTS9OkKiibmsUHyQ0TjRdqI2%2Bv5siDsOtbyaM7UBAZzX4lmJp%2BJgk9ASuhHZno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205322a5e56c3-OSL
alt-svc: h3=":443"; ma=86400

nest.rip/_next/static/chunks/pages/_app-5b4adf06232fc9cd.js

188.114.97.1

481 kB

URL
nest.rip/_next/static/chunks/pages/_app-5b4adf06232fc9cd.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480641 bytes)
Hash
7e44f89b3d52b5b794ea28b76e572f9c
3f6ebd3e6adac67ec51a788ae9c946d65903eb5a
9e12f20071e30bea9a6d7faf35b2469773829ba6ff4459bdd8441bbec110473c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-5b4adf06232fc9cd.js HTTP/1.1
Host: nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/?ref=viewer
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:50 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=788750
etag: W/"c090e-18d74ee6c02"
last-modified: Sun, 04 Feb 2024 16:23:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27E4imY3hjlNUhIgkI2ShxlqkFuU9pVL2vAt%2F%2Fm6i%2Bs6U34J7Z0U2eQhg2iivQlk6Rub1L4LgjVPcIBO4GrWujyPnYDGv49hMpu5dxKy3nikQ5B7m38cTxRl6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2052e388456c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/65c2573c-3e1e-4d26-8042-28c3e4fef6e2.png

188.114.97.1

82 kB

URL
cdn.nest.rip/avatars/65c2573c-3e1e-4d26-8042-28c3e4fef6e2.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1280 x 853, 8-bit/color RGB, non-interlaced
Size
82 kB (81655 bytes)
Hash
63645eaadd518d376267f55c95a28928
a83db9918c1273c98c4e9ad7c91f561e5416c705
b9fd246a7346f33889c5ddacc77b5e28de9f65b7437ed081eeccad5cac3c9171

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/65c2573c-3e1e-4d26-8042-28c3e4fef6e2.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 81655
content-disposition: filename="NahSahh.png"
content-security-policy: block-all-mixed-content
etag: "63645eaadd518d376267f55c95a28928"
last-modified: Tue, 02 Aug 2022 10:30:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B86AA46707F32F
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: 21e94d0b-1626-48aa-811a-b8bd1723c745
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ODnc4dGMOP905vjIbt0dIZKZTSDAX6PCT8dJ65nDV8Y59DhaZ61r5W%2BPxr1ka9VM6mIds%2FIVn%2Fg%2FEoQm%2FLlaZFwVUMrXvMqkUjB5dOspKj8gyxqulCGsTK3PjNF65n4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205323a6b56c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/88b96cca-1166-4246-9c00-52d15f901ac0.png

188.114.97.1

7.8 kB

URL
cdn.nest.rip/avatars/88b96cca-1166-4246-9c00-52d15f901ac0.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced
Size
7.8 kB (7833 bytes)
Hash
24f4cab5f90cf48b774ccb24fb2d7beb
db6b7e20e8cb683a499988664885cdc116cde0ca
d9b1a50903eb49cce7b180f04069a04dc3b3617623f2a6df8c1fb4edb9b27753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/88b96cca-1166-4246-9c00-52d15f901ac0.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 7833
content-disposition: filename="syz-icon1.png"
content-security-policy: block-all-mixed-content
etag: "24f4cab5f90cf48b774ccb24fb2d7beb"
last-modified: Sun, 10 Sep 2023 13:12:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B0B71230DBB289
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: d0c27910-b74c-4299-add4-48a6fe2f48d0
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H0w23ssKUyhEK20L5AxFw95cgbYIumr263YaEyZt2dwfWto00AgKfZUIkMNS1cYrzf1ffJIa%2FjEf7FS0ZeCOIV4ZP5KDGMMrIwRdj1qqKKcUUWFf81XtXH46qyAhvdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205323a6e56c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/11519c48-4a0e-468c-98e1-a0f84082b8fc.png

188.114.97.1

9.5 kB

URL
cdn.nest.rip/avatars/11519c48-4a0e-468c-98e1-a0f84082b8fc.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 1920, 1-bit colormap, non-interlaced
Size
9.5 kB (9454 bytes)
Hash
7ae62c8347823500ba39f6a25e287876
e284cb763ef4fb6982ddf5a873c41761a3ae239a
1a7fcd93544f9111ecd6d47bf6e4dab19108e093c7d94a6e79e3ac0babe7c89f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/11519c48-4a0e-468c-98e1-a0f84082b8fc.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/png
content-length: 9454
content-disposition: filename="lol.png"
content-security-policy: block-all-mixed-content
etag: "7ae62c8347823500ba39f6a25e287876"
last-modified: Wed, 14 Feb 2024 11:24:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B3B6FCB4A291E4
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: c62b4ef1-22b4-4e5d-8aa3-40a4c78e020d
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zAAIyVmxFUKcdOiTt8RBTJWQLsPlJpr3Wv3nAW5jPl0qmvK9aXzyxeGqg3ptY1uS7J1PTx8Dlp0N07XeF8O8JgZ7XIX4k%2Bfc%2Ft6ZqQLWQd88F0myNaUlhOhAqNpZ5FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205323a6f56c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/51b63ded-f8f2-4cdc-950b-a82ce01ae805.png

188.114.97.1

4.9 MB

URL
cdn.nest.rip/avatars/51b63ded-f8f2-4cdc-950b-a82ce01ae805.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 128 x 128
Size
4.9 MB (4931350 bytes)
Hash
fcd67fdb7cb70a721d109b307e2683bc
ca7f544960984fcc5f2576c7c94872025987fa2e
7e603cd07d09cbb4f692fd6e12bf9d883d7de8ed5de3389c7c845b1aaa74eb56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/51b63ded-f8f2-4cdc-950b-a82ce01ae805.png HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/gif
content-length: 4931350
content-disposition: filename="avatar.png"
content-security-policy: block-all-mixed-content
etag: "fcd67fdb7cb70a721d109b307e2683bc"
last-modified: Thu, 22 Sep 2022 16:18:28 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B0B709A158730D
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: 1a174d76-f750-45cf-b903-7fb2cf7899e7
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4a%2BiJvNoNj3Ux1yTnFiCbLLEFfhI2cusu2mwL%2F2sJsTBICdqHq2ylPq7bVzcQDxyja%2F2qAm43KeeLPFC5ThM7lfLnZz6J4eaQlUW%2Ff3c0QjwoHtKNgSZQqoAecwrIpk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205323a7256c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/eb46ea7d-8510-40ff-aab4-aa5a1200719b.jpeg

188.114.97.1

41 kB

URL
cdn.nest.rip/avatars/eb46ea7d-8510-40ff-aab4-aa5a1200719b.jpeg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 563x558, components 3
Size
41 kB (40630 bytes)
Hash
4336275a04c428b4b1703df9aaaac241
4ef5049544e29aa86fe6ba971560f6648fa7fb1f
b6b466ea4cb761438da65249faa1b1afa750c90f86eef4dce915b6a2f3ca1718

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/eb46ea7d-8510-40ff-aab4-aa5a1200719b.jpeg HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/jpeg
content-length: 40630
content-disposition: filename="deeznutshaha.jpeg"
content-security-policy: block-all-mixed-content
etag: "4336275a04c428b4b1703df9aaaac241"
last-modified: Sat, 19 Aug 2023 18:38:29 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B0B7122782DF86
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: d9d9beed-b8e5-4425-bb55-28fab0093860
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sX5tzQGaWtHhvXUnYgzBQ3e3g3kBWcgdIJxXddpWmH3RUUeUacLQLrEBaNfgfzrfXKjJltYfaX%2FF8mJwQrQN2tGa7OmMLw0mtRN3x4Mg1p1UM6cGNNx7AW7JYKRpoWQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205324a7456c3-OSL
alt-svc: h3=":443"; ma=86400

cdn.nest.rip/avatars/4a8cad77-cd2d-4094-bcdb-a0c4a828f73b.jpg

188.114.97.1

54 kB

URL
cdn.nest.rip/avatars/4a8cad77-cd2d-4094-bcdb-a0c4a828f73b.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 216x216, segment length 16, progressive, precision 8, 563x555, components 3
Size
54 kB (54110 bytes)
Hash
ed8eacb2771c39f81645e1ca53d5c16f
8c2bc37c076bda8353ed3f086a1b90fc5ac17c56
f1f32c86c36ff90ae23f76c9d5c00b04a58a827d854306360bf8ac2ac8d56e6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatars/4a8cad77-cd2d-4094-bcdb-a0c4a828f73b.jpg HTTP/1.1
Host: cdn.nest.rip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nest.rip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:12:51 GMT
content-type: image/jpeg
content-length: 54110
content-disposition: filename="raccoon.jpg"
content-security-policy: block-all-mixed-content
etag: "ed8eacb2771c39f81645e1ca53d5c16f"
last-modified: Thu, 15 Feb 2024 07:00:20 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-amz-request-id: 17B3F724A5796EC3
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-meta-originaluploader: fc286833-5d4a-4953-b1fe-526cadb2e8f5
drive: SSD
x-cache-status: MISS
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HlmQDo6d0gl0bncuAxTTteAXSbwVXK9zJ2WY1%2BcLWNe%2Br6NByp1duoAxYhcO4tI7YqRny6cBVd%2FnX4bJn4gNVBbKEaoGFlIKdJM3NiaH0GoB8RGLG7%2FfOGAneeQEW2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a205324a7956c3-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML