URL: https://nitro.nerdsleaze.com/
Submission Tags: phishingrod
Submission: On November 25 via api from DE — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 2a02:4780:b:1158:0:793:16b8:2, located in Phoenix, United States and belongs to AS-HOSTINGER, CY. The main domain is nitro.nerdsleaze.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on September 25th 2023. Valid for: 3 months.
This is the only time nitro.nerdsleaze.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

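Requests | IP Address | AS Autonomous System
5 | 2a02:4780:b:1... | 47583 (AS-HOSTINGER)
Total: 5 requests, 1 IP address

Requests | Apex Domain / Subdomains | Transfer
5 | nerdsleaze.com / nitro.nerdsleaze.com | 134 KB
Total: 5 requests, 1 apex domain

Requests | Domain | Requested by
5 | nitro.nerdsleaze.com | nitro.nerdsleaze.com
Total: 5 requests, 1 domain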

This site contains no links.

Subject | Issuer | Validity | Valid
nitro.nerdsleaze.com | ZeroSSL RSA Domain Secure Site CA | 2023-09-25 - 2023-12-24 | 3 months

This page contains 1 frames:

Primary Page: https://nitro.nerdsleaze.com/
Frame ID: 7342FE580138504B562E9EF739F23E78
Requests: 5 HTTP requests in this frame

Page Title

Lychee - Albums

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 134 kB
Size: 519 kB
Cookies: 1

5 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | nitro.nerdsleaze.com/ | 59 KB | 15 KB | Document

General
Full URL: https://nitro.nerdsleaze.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a02:4780:b:1158:0:793:16b8:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS:
Software: LiteSpeed
Resource Hash: cf3956830a66b10ffce3f244b80403df7b81fa3cd8f56a3632151ee00a0a0882

Security Headers
Content-Security-Policy: upgrade-insecure-requests

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 14589
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Sat, 25 Nov 2023 08:12:01 GMT
etag: "edea-652b3701-8f86638cab78ca75;br"
last-modified: Sun, 15 Oct 2023 00:49:05 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding

main.css | nitro.nerdsleaze.com/dist/ | 25 KB | 5 KB | Stylesheet

General
Full URL: https://nitro.nerdsleaze.com/dist/main.css
Requested by: Host: nitro.nerdsleaze.com; URL: https://nitro.nerdsleaze.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a02:4780:b:1158:0:793:16b8:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS:
Software: LiteSpeed
Resource Hash: b73b9c2dcba023375c382762c39cf95da99daaa4a7619ffe87c28d3f0c0707ef

Security Headers
Content-Security-Policy: upgrade-insecure-requests

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://nitro.nerdsleaze.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
date: Sat, 25 Nov 2023 08:12:01 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 15 Oct 2023 00:49:07 GMT
server: LiteSpeed
etag: "6379-652b3703-f0b2aef21cc9a7c5;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 5350
expires: Sat, 02 Dec 2023 08:12:01 GMT

main.js | nitro.nerdsleaze.com/dist/ | 435 KB | 113 KB | Script

General
Full URL: https://nitro.nerdsleaze.com/dist/main.js
Requested by: Host: nitro.nerdsleaze.com; URL: https://nitro.nerdsleaze.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a02:4780:b:1158:0:793:16b8:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS:
Software: LiteSpeed
Resource Hash: 384eebbcac76cd7ee5ebea71752ab30fa20b7a9dc1334ccf7ba207a8fcfba2b5

Security Headers
Content-Security-Policy: upgrade-insecure-requests

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://nitro.nerdsleaze.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
date: Sat, 25 Nov 2023 08:12:02 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 15 Oct 2023 00:49:08 GMT
server: LiteSpeed
etag: "6cc05-652b3704-53623db143d2ddbe;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 115780
expires: Sat, 02 Dec 2023 08:12:02 GMT

index.php | nitro.nerdsleaze.com/php/ | 64 B | 459 B | XHR

General
Full URL: https://nitro.nerdsleaze.com/php/index.php
Requested by: Host: nitro.nerdsleaze.com; URL: https://nitro.nerdsleaze.com/dist/main.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2a02:4780:b:1158:0:793:16b8:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS:
Software: LiteSpeed / PHP/7.4.33
Resource Hash: 9030b1d4bceda519527ba29b8df654627eac457aefd9abf430e9058916cf2c3b

Security Headers
Content-Security-Policy: upgrade-insecure-requests

Request headers
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://nitro.nerdsleaze.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers
pragma: no-cache
date: Sat, 25 Nov 2023 08:12:02 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
platform: hostinger
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 68
expires: Thu, 19 Nov 1981 08:52:00 GMT

index.php | nitro.nerdsleaze.com/php/ | 42 B | 68 B | XHR

General
Full URL: https://nitro.nerdsleaze.com/php/index.php
Requested by: Host: nitro.nerdsleaze.com; URL: https://nitro.nerdsleaze.com/dist/main.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2a02:4780:b:1158:0:793:16b8:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS:
Software: LiteSpeed / PHP/7.4.33
Resource Hash: 0e0a2128b90c8271e347b0f98a7bd1a613de0369f25a5e1954014550b82b9687

Security Headers
Content-Security-Policy: upgrade-insecure-requests

Request headers
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://nitro.nerdsleaze.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers
pragma: no-cache
date: Sat, 25 Nov 2023 08:12:02 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
platform: hostinger
content-length: 46
expires: Thu, 19 Nov 1981 08:52:00 GMT

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| _taggedTemplateLiteral function| gup object| _templateObject object| _templateObject2 object| _templateObject3 object| _templateObject4 object| _templateObject5 object| _templateObject6 object| _templateObject7 object| _templateObject8 object| _templateObject9 object| _templateObject10 object| _templateObject11 object| _templateObject12 object| _templateObject13 object| _templateObject14 object| _templateObject15 object| _templateObject16 object| _templateObject17 object| _templateObject18 object| _templateObject19 object| _templateObject20 object| _templateObject21 object| _templateObject22 object| _templateObject23 object| _templateObject24 object| _templateObject25 object| _templateObject26 object| _templateObject27 object| _templateObject28 object| _templateObject29 object| _templateObject30 object| _templateObject31 object| _templateObject32 object| _templateObject33 object| _templateObject34 object| _templateObject35 object| _templateObject36 object| _templateObject37 object| _templateObject38 object| _templateObject39 object| _templateObject40 object| _templateObject41 function| $ function| jQuery function| Mousetrap object| basicContext object| basicModal object| album object| albums object| api object| build object| contextMenu object| header object| loadingBar object| lychee object| multiselect object| password object| photo object| search object| settings object| sidebar object| swipe object| upload object| view object| visible

1 Cookies

Domain/Path: nitro.nerdsleaze.com/
Name: PHPSESSID
Value: 7994b8dc22afab3248b4fd7cb3f264c4

Security Headers

This page lists any security headers set by the main page.

Content-Security-Policy: upgrade-insecure-requests