| ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js | 172.67.131.174 | 200 OK | 6.3 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (662), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 06062156d99da1c306ff5966000be2c4 3c128ded6b30d8bcfb9a85b8f1d7551400c4eb60 9e0349f7ac8b75e95aff12e66f57065f040d20165ea783fe17366bea6a56751d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6628e367-296"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ndtTLAs6IhHJ7tLFv68%2F%2Byza2e0c42WA9fQpHYXQzUlRfJjLOFYTlTD4PZoF6D0wgOj6nuvYfr6CBhes%2BjWeMf7JhFXPngIdmAjyatdJd5m%2FT%2F4nmLrYayb%2BRVyHtJs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab64683d712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/VQVlAmm3RyRtHopEWly_Q/_ssgManifest.js | 172.67.131.174 | 200 OK | 8.2 kB |
URL: GET HTTP/3 ledronin.com/_next/static/VQVlAmm3RyRtHopEWly_Q/_ssgManifest.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/VQVlAmm3RyRtHopEWly_Q/_ssgManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-b6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17dvEfkmyehlc%2BjVpVGPBR7lz3VV%2BJMPq5JXXAmuy0Hvgz34RQLSaDuqraNqpPJ3LsuNbEi0ESuPbOwEaq9oRquFkX%2FFk2rWOI3IDnQN2OwQt0BE8MQAybjV%2FzSxMFY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab64686c712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/VQVlAmm3RyRtHopEWly_Q/_buildManifest.js | 172.67.131.174 | 200 OK | 11 kB |
URL: GET HTTP/3 ledronin.com/_next/static/VQVlAmm3RyRtHopEWly_Q/_buildManifest.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: ASCII text, with very long lines (1605), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8585a60ffdbb60dcba72318d5128d3a9 340958e7bdde2404acb4fbf19e477a1c7674b8d7 61f2ea060cf72a65e9e9ef0a45e9f04b0d3abc1762291843a7de442678cdc765
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/VQVlAmm3RyRtHopEWly_Q/_buildManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-645"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLwXCPZ7%2FFLxZj%2Fm%2F9MMpzl%2FEpP0MPe7yda0bPKqrRddvCpCk1zCuaML9MYwZsKNh6WH3%2Bb%2F8AwkqgmYu6c1yIHUb%2B3WChrcuWIJZjylbFkViY2dUfolLGMmvwKSeyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab646856712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/2610.1baf2de4c8779a0e.js | 172.67.131.174 | 200 OK | 2.9 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/2610.1baf2de4c8779a0e.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (13124), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 285f6dd54ac88cdc30a796895c98adb3 f4ff40359e70d2a28b3ba2773e180ac93ce29a37 6dff74775e02f0f3618dcd683ce01b570ed044fca2a250051e6f7e6bb0cc2974
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2610.1baf2de4c8779a0e.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-3344"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yjtF6MgJU02IVY%2Bn1FZ3ggJxegu0H%2FxzDyIyT50I4ax7IG4ICDtquetsE8%2BlcBBBgBIziLjWZVQYo56Nnyot6lb%2BCpd6IJxxwhEDA59Es80RYZV8%2FweU7kAvc8VZVjc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab644813712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js | 172.67.131.174 | 200 OK | 580 B |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (925), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 3d657d2d17983fccaac3b0512a0f9460 06faa560e966627855c424e23fbb0bb5aadde083 b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6628e367-39d"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvSTlqaGea4F4lp4RrR7LpNwipe2OCRkRetfzjbhWmqmkmNNazE0%2Bo6SAx1XQppWZN5JUZEkaXzvRlqEIQBWVM84O0mUUvajWCJ0Nzqw%2BY9j4Mu2PgKKK266sFWUbHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ca69712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/css/0bc0cde260d08b97.css | 172.67.131.174 | 200 OK | 3.2 kB |
URL: GET HTTP/3 ledronin.com/_next/static/css/0bc0cde260d08b97.css
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: ASCII text, with very long lines (1843), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 64b2b4fa42c7d558d735e2cd28ecf88a 03d6da6e55b1201b51689590520da495a9233d67 2fdb3ce9ccba8355040e5ba3dfb2283194acba81858943b5d88f70030dbb71ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-733"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w936molrdQ5Bv1wJtcH3LY%2BR3FGojrVPTFdQMosELnGMBXkSYWeMqk0FGAVWFFJQYxB89eNrgKcqDVpxz5WxHXeEtRprkTQMxo6sl%2FKofj3je9WQi%2Fop4KrazguJAg4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab644812712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/img/comments/finance-survey-people/person-3.webp | 172.67.131.174 | 200 OK | 1.5 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-3.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): a747d227c2e10b5178fd942484301d7a b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be 9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 1454
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ue4x1qwj%2FpdW0aEqQs4PPGF2lg8pvXS%2FXfiIEwL%2BnTE6Vu%2F0HKQ2NeF%2Fesn%2BvW4hJ631dXmSV9i%2FLTzgTZ5L%2Fwu5QmmyTCoBJ4LJ%2FcRHXuTc7VzEolQTgE40tvaaRa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab66dba4712b-OSL
alt-svc: h3=":443"; ma=86400
| ledronin.com/img/comments/finance-survey-people/person-2.webp | 172.67.131.174 | 200 OK | 2.2 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-2.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 8f8ffbb278de1342e5cf44cd0c677c23 1b4b4428e409479cc8a8acfce6f537c2aeea7556 ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 2220
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jXObQ36Od0iCAoTjwk9ZlOKOHOnk2o1%2B0cqGXMgL%2FwSLCFQuvtC280uY6bnrZscA2IMvb%2Ft9XM1S9jrBNK7DAROG00VESauBxQk0fflozpCkmC0DUCxhEG1UUx4arU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab66dbb1712b-OSL
alt-svc: h3=":443"; ma=86400
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| ledronin.com/_next/static/chunks/webpack-57d4eaea9c29e543.js | 172.67.131.174 | 200 OK | 4.3 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/webpack-57d4eaea9c29e543.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (6098), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 652e29dc6ac951275307f4d64a59f90b 291cf320dca2186f01ed7a364c3db46b7c3a7795 0deb92883a70d7fc95800acfdd398f7c9ea5b66e4e8d977e1d533c1b62d4d914
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-57d4eaea9c29e543.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-17d2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bxGHMJXk3ppSyEGbBOqPcsCo7QonsNkNUek%2FfpJYut5rCsOVLel53saJB99EHMKnQMFwGNApgxPwu1y09Nj%2BiOvOjwlylOeklcDiABf92CdJRssDRCprLZoBKCPHXuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab64581c712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5 / SHA-1 / SHA-256): 5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 355
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 2fab610101c0e10199bcf1d98248b3a1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js | 172.67.131.174 | 200 OK | 4.3 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (4147), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6628e367-1033"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1RRiXcvRLu0WRBr%2BiS7LSr4Utff6LKINZnBM%2FQDTUCXVwdxuTnT6TcMXIWya%2FozuudYgJrRdpZ3GEYadfBA%2FlH%2F7T63wyWX5kiq1NDgzWlS8ZgCbD2u2gSR5gjs3umM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ba3a712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/4981.3c1daeeee82e08ea.js | 172.67.131.174 | 200 OK | 5.5 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/4981.3c1daeeee82e08ea.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (21617), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-5471"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=waS7cpLmLKwyq0gW6GtuNBOJH8mzIHfMcPa3xcT3RD3ghAz8Ph0pdZlpSmJIIhmC6tCFIdq%2BT1%2BofydDvPKWMxmQ8xFAfFwZf6b1bAbDVYekj%2ByUKGYjPrmPqJaI1yg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab644816712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5 / SHA-1 / SHA-256): 5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 375
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: ff7064f286c4ed4d34098fde05f7be78
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP: 139.45.197.248:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject arleavannya.com; Fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash: MD5 081142aa1c9267422ee7fd25ac457579; SHA-1 cf8a223610da412aab4cc9aec68f6f304258b3ce; SHA-256 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 161
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 50bb6b6c8ee4c0b6b7963439da70874b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=1279e065-15d4-4b3e-9807-ecdd3a5bf934 | 139.45.195.253 | 200 OK | 12 B |
URL: POST HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=1279e065-15d4-4b3e-9807-ecdd3a5bf934
IP: 139.45.195.253:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Sectigo Limited; Subject datatechonert.com; Fingerprint 3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27; Validity Sun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hash: MD5 adb4650bfc9d2a73d4dd69583b0ceb14; SHA-1 1ce399d6e936232aaf2192cd7903a279c5015f22; SHA-256 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=1279e065-15d4-4b3e-9807-ecdd3a5bf934 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1423
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 24 Apr 2024 14:09:10 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ledronin.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject amunfezanttor.com; Fingerprint AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

| ofklefkian.com/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject ofklefkian.com; Fingerprint 04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02; Validity Sun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 390
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3044b285d95ac062771152a6daa3f267
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| ofklefkian.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=ledronin.com&var=5072357&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=c270b496-1b8f-451d-990d-955dbef695dc&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL: POST HTTP/2 ofklefkian.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=ledronin.com&var=5072357&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=c270b496-1b8f-451d-990d-955dbef695dc&action=prerequest
IP: 139.45.197.251:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject ofklefkian.com; Fingerprint 04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02; Validity Sun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679107&is_mobile=false&domain=ledronin.com&var=5072357&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=c270b496-1b8f-451d-990d-955dbef695dc&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-length: 0
x-trace-id: 7ae8b2efc76425595402f869d3fc2b46
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject amunfezanttor.com; Fingerprint AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: MD5 8da94728f8980e1fc90d67d5216a0c75; SHA-1 88e7e379869a025ce8c9f9fbfcf6fff373d6b39d; SHA-256 05dbd4a4d3bbc79a5e03e3a1b4d18af2e5a246e6a10124fc5a0c8d101f0bb640
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 1774
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| ofklefkian.com/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject ofklefkian.com; Fingerprint 04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02; Validity Sun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 391
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e7b3f0a7ac2537d17d4eb8836e1f393b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| ofklefkian.com/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Let's Encrypt; Subject ofklefkian.com; Fingerprint 04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02; Validity Sun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a65a66cc9ebc5c18366ec8af301b1f2e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| ledronin.com/favicon.ico | 172.67.131.174 | 204 No Content | 0 B |
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; syncedCookie=true; oaidts=1713967750
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 24 Apr 2024 14:09:10 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SYIBK5bbT3kE2wD582%2B8QauZdxmrarFJOjZUurO5HfoRDu1HxsKKigXCMo8LI8hDp23aWrrkecjyhDNFfNvWTGG94BHRrmAmyawZff4qY%2FlH9qkB9y2XHQ1SBs2H8AQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8796ab6ad8eb712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 | 172.67.131.174 | 200 OK | 14 kB |
URL: GET HTTP/3 ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (36570), with no line terminators
Hash: MD5 9c707551764e528035154fcfc935d4da; SHA-1 8687a3418b6f0ded1dd3559be0c7ff8f6ed11e58; SHA-256 41f14ec09c4d467a2ff3351d0a9ff57dbbe0011995fd37afa97b3cbb5e40b0c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; syncedCookie=true; oaidts=1713967750
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 08:29:25 GMT
vary: Accept-Encoding
etag: W/"6628c2e5-8eda"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TlLD1j61%2Bw%2BFqHmDHT0EPJL68M1q0VHGln12seWrQc0mNAnQrfkfbR7SB7WZ3t9mT3akxlfQ4KyvQB2fm2RSXi68lt01tHESBFNlLE4dIKiFS0S8AVybhtxggII1o4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab682d2e712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/86.1605512c42332a2f.js | 172.67.131.174 | 200 OK | 1.8 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/86.1605512c42332a2f.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (2846), with no line terminators
Hash: MD5 4454dd8d20da57e5b4febc37bbc817c4; SHA-1 444023ea84fd9aaebd6126ddc692ef85dfd2b76b; SHA-256 67e0c13ad56e50a9388106a54d2e16a566b8aeba3e2b69b08c3accef0c522cd8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/86.1605512c42332a2f.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-b1e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPaxZ9xJJ%2FB1%2FLpyjzDeyfS8yNAZlsjjJv0Sf6b1SB3fKNb%2FDzServW9ktOYXsNfqqKz1WaUHOvqQ1S8wMVGd9LwVsG73dfJn%2FhWDqIM4OziW5itYeM8IPjok1S9CMU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ba3d712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/sw/universal.js?var=5072357&ab2_ttl=5184000&zoneId=6679107 | 172.67.131.174 | 200 OK | 7.1 kB |
URL: GET HTTP/3 ledronin.com/sw/universal.js?var=5072357&ab2_ttl=5184000&zoneId=6679107
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash: MD5 10b28f14a4642eb75e65f9babba5b2e5; SHA-1 83063f314d4e3f6568f4494abc796cdcbd87e3b4; SHA-256 0571c36e64ce7b589721a47fba1a604ca982a0b2a3694440db526d05dfb4e5a9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sw/universal.js?var=5072357&ab2_ttl=5184000&zoneId=6679107 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; syncedCookie=true; oaidts=1713967750
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-5b5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVAPL8PY%2FOnvMsvtm9TBrPTp3UiFKBg8DpPeIDTxCXsn6pe9J9gmuBqTuE6AKHGac9mcrkuR6u%2F6h1ZuQ7sTRYmaU8dmuSXUWe0%2BC2y4LP0sLlslLRKm6PXhyF3jQnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab68fe4a712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/rotate?zz=4292523%3B5128285%3B6543082%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=&ab2r=&var_3=&var_4=&os_version=&uid=mkzirvldq1nmnv0l77a5km1f1c6tvznb | 172.67.131.174 | 200 OK | 9.9 kB |
URL: GET HTTP/3 ledronin.com/rotate?zz=4292523%3B5128285%3B6543082%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=&ab2r=&var_3=&var_4=&os_version=&uid=mkzirvldq1nmnv0l77a5km1f1c6tvznb
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash: MD5 1c7392049ff79afa266ebd7473728e7b; SHA-1 5d790b1d206f6680286cc4b4c10c9c2fb3fb94fe; SHA-256 52e3c478f38728371fd3a5e39148090ae99d720d862cbc4bc9b0a26ae0cff734
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4292523%3B5128285%3B6543082%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=&ab2r=&var_3=&var_4=&os_version=&uid=mkzirvldq1nmnv0l77a5km1f1c6tvznb HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
DNT: 1
Connection: keep-alive
Cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; syncedCookie=true; oaidts=1713967750
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:11 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 944f15c325348aeb92f66f9e401c9cf7
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
access-control-allow-origin: https://ledronin.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; expires=Thu, 24 Apr 2025 14:09:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZVL8U%2FQazb7eegMZGqHWaNOHc4rKKAqUFsHMJ35oEJiyyidvMbJw9V9MHbR%2BtyIH5%2F0uxZnQP9KKGsBBKe6edcGsJ4zcciE2OFDMP%2BV9r9zhbOdn6h7dmAhSg4Q4YA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab67bcb9712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/img/rain/dollars-1.webp | 172.67.131.174 | 200 OK | 10 kB |
URL: GET HTTP/3 ledronin.com/img/rain/dollars-1.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: MD5 a5bef813a0113d018592091106451c8b; SHA-1 59365e96c4abca5eb98a0c56db0af0bb5cbffebb; SHA-256 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 10546
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QDPZZcpACgDzokPCKFB6vptqbqzb%2BGxS0upjSNiGNMpq%2BUPXGuk31wjDap6df8VykqJnCSyAsS5RNWql28XhYhX%2BGu63V6qla%2FT1DlXQECo%2BflsfW%2Fg2Aj9au%2Bjg28Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65294f712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ | 172.67.131.174 | 200 OK | 40 kB |
URL (User Request): GET HTTP/2 ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
IP: 172.67.131.174:443
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: text/html
last-modified: Wed, 24 Apr 2024 13:12:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSu8YDr9bjQt%2F58TfhIDP6oN2PwvdRupcD%2FlfE0vmJuqQkni%2FQ18pmK0rXyEdN0cSfVr9jzsAKC0b6u%2Fi3t9JF17IkbRHPg1BhKfIMbCLiZl01tP2YSVxSIygWogcRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab626db256c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| ledronin.com/_next/static/chunks/6223.36a8be3b6724c1ee.js | 172.67.131.174 | 200 OK | 3.8 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/6223.36a8be3b6724c1ee.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (3870), with no line terminators
Hash: MD5 1d892f4ab084b8290d79dcf9ec65b79a; SHA-1 17b0c18b7201dd8eb4bbd3db5be2f1d784000948; SHA-256 77e68c0c19f773bcf939398361c922509f29268cea7afe93f3f7050183115e14
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-eee"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7zHWbk0T5kPHHjk4%2BaMFfm7CBjrH40O9vmgl5Am5g2IuNB8%2BVjBUSiYdHZfYoean9BE8T9ZeE%2FDK04KtA3vrrd6uezGSEPkJZnj2%2BpGaAXPQBpLEX%2FWBbIUobqSlwmE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ca6f712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/img/rain/dollars-2.webp | 172.67.131.174 | 200 OK | 8.1 kB |
URL: GET HTTP/3 ledronin.com/img/rain/dollars-2.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 8140
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQtRxsqcvNq1XiZeDc9H7Bxf8m4%2FUR5EbkJFZVuAbTDnvf5fBR5Rlh2gaPTJmwk43PPLRXRoE0iNaZM8DUlQHzeaIgUCUSaDlmvCNyOvfFTI5EcyO0o5XFfmY1a9v%2BQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab653951712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/framework-3281cb961088a9a3.js | 172.67.131.174 | 200 OK | 26 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/framework-3281cb961088a9a3.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (26042), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 499fb17b15c09c2d76681f27dde9a031 5564d317c33112db56918ec372d392caabec70f2 9350c53e2fe847ec629962106d01d6af28a0d9c69feb57e7609b3c096935cdb2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-3281cb961088a9a3.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6628e367-65ba"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CoLmggiDLtSDNi45sZm4B%2BRIuuA78leAYC0PpqfXwOrg7IPxrmuCK9t233OAXHByCcVfJRmzxaOfJPztqOgmhmQZKjC7ZT6RZl1gS6urkjSp%2FpTI4%2BQmWOR2COJoVEo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab64581e712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/9787.32846937d0160cf7.js | 172.67.131.174 | 200 OK | 1.8 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/9787.32846937d0160cf7.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (1771), with no line terminators
Hashes (MD5, SHA-1, SHA-256): d269bc24ab428864c8a5d9fd90d791ae ff1943ecbdb21dd40483e22778b0826bce974cde 086e81568c991bb4f9d7f9bcb854f1f2bf66b7397b1eef5b0753889ccb86cb30

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/9787.32846937d0160cf7.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-6e1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PA9yhJeedCWX6ueeNlBSKTWpxQ19KHdSfDQbwkfe1F5bai4FonXtIKhwIxLf3NjR9y4wzh4qbZFeZsn4Rs0BcKRNdKZtH%2F3XoNrJQj6nmgRnbVpHwFZlcuQc23uwbSM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab660ab8712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/825.dc2233ab620d87e2.js | 172.67.131.174 | 200 OK | 40 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/825.dc2233ab620d87e2.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (39469), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 72ac5913c12eaedbe7594c6acf1a627f 544008497f3ce02575d0fdd1df7aeecdb0b4d08b 2b3a1eabd05bc09901c3dcfc74e0ecadce09d0d29e9ddaf90f53fe22e169f05a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/825.dc2233ab620d87e2.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-9a2d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Tvf%2BRgV1w%2FQFQBq%2BcTBd2ysWwF4D1uwv%2Bi%2B8k3NsXiC15I9tqZxc4%2BBput5yAsGVDZgNSosSsePU2QS5PAfSIQqk7pbabcTT4v5OCt9SQRp37tCsBAyqpPzwJwnS7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab644819712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/1155-bfe64ad100e940a0.js | 172.67.131.174 | 200 OK | 65 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/1155-bfe64ad100e940a0.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (65221), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 5f4500e306a4be1822b5aff8a4c6efe1 3935b212ffee10e8e0d4587bcc4f48ddc3e1b82c 8df090279564252c73ff6555c0bd188b44682e221d11206b64ee605b0df13249

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1155-bfe64ad100e940a0.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-fec5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsRHsWOoKiBVOaOsKJteTZuayxhQiFWs9tk5yrQbPIIqusxkYN2agO5YYtAzd925lu7RfgeM7A9%2B6chBAXIYFLyvGsiWKOaX5W6FTIIzOFI1AwOvK8H%2B0jRTfL1io8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab645835712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/finance-survey/icon-survey.svg | 172.67.131.174 | 200 OK | 2.7 kB |
URL: GET HTTP/3 ledronin.com/finance-survey/icon-survey.svg
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): a000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/icon-survey.svg HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWULlbm%2FLl7i7Liber5ihTtxp7VpY9fyNe%2F1LeDhxW0G%2BLrVCjRTNSUoC39FQW2Dlvv53V8PT%2B90x85RTcuKYrgAJbZSS0fAXNqDgw3CfhNEcw1Ui763jSyZBTOkoSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab675c3a712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/img/comments/finance-survey-people/person-5.webp | 172.67.131.174 | 200 OK | 2.4 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-5.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): 188dfcdf19da1d86ed162d54ed03536d 98b1baefbb803548b2894547091b4c7773406524 4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 2384
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRgLm%2FOXe95GjgSwRtPn58KHgGsU9M8AnG4oUqijTLPzucKAPraM04nOmubtkBda3b%2BtIkqAVJlh22C8vFum0uDHzul79yesd8mfDsQwEsUTTZRAU%2ForjhuK%2FZ5Yh0w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab675c3c712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/img/rain/dollars-3.webp | 172.67.131.174 | 200 OK | 5.9 kB |
URL: GET HTTP/3 ledronin.com/img/rain/dollars-3.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: image/webp
content-length: 5938
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFpZnx0J%2FJJQPTDDGhK2FCEUFI%2FIRhpEHjytEDqFffkDeyLx2dFfjCHDqWfxOS8MH0uNs5OPvUecvOZu%2F4CvzN1wOsD1Ngd9sff%2FGuNBoVpOR4CHEWblUtF88RNFeVU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab653952712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/3091.c21155d8b2396207.js | 172.67.131.174 | 200 OK | 2.4 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/3091.c21155d8b2396207.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (2429), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 3b91a1044dbf61b756a3730050ebd45f 9336d892614e8c5ab834d493c1cc7c0aa8aacf1a 586c6e521c5ec066a20ba11265175c9c75446d1ae33fc954f14c7d4cd3be2a62

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3091.c21155d8b2396207.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-94d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4p%2F5n5miDI8iB6m5rPuKCcrDj%2FBXx3G1uFg0tpkpskQu2el6jmfvCrZYhai4H9bPzZZusWh8iVY11LHDG3DinKEU%2BiGWXeQyWutY0fTArkSnuruUYctEKqlmFQa3kuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ca7a712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/1706.8b7dd24879347088.js | 172.67.131.174 | 200 OK | 20 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/1706.8b7dd24879347088.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (19738), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 7cd1db24e089a8319084d97207e5bab9 da0814161e7abc9c852b7219ad17af3db13774e7 46d44f30314f990c43945d6bc834b31b3051d68836c384244a632195e22df8e6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1706.8b7dd24879347088.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-4d1a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Z81Oochq5uSkFqeY3aV0w44cbpm1jQMw8K93jSQbnMVIzTCIAnWHhqCZMNtsJhsibc%2FXxiIPwISGItS0Bw%2BdwEtA8N2S46av%2Bu5pC6hc7dTzgDIc2aJyQG%2B9cW5hPk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab644818712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/track?dry=false&request_var=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&var=5072357&var_3=&var_4=&variable2=6aixzs2TLciAGJUaKcZKRQ&ymid=&z=5072357&offer_id=2025 | 172.67.131.174 | 200 OK | 182 B |
URL: GET HTTP/3 ledronin.com/track?dry=false&request_var=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&var=5072357&var_3=&var_4=&variable2=6aixzs2TLciAGJUaKcZKRQ&ymid=&z=5072357&offer_id=2025
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): e6246b04b7d99b675f7086e756e1f242 9f3b5f5cb9b34830dc20448a0acc83bcce5d2727 5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /track?dry=false&request_var=&oaid=mkzirvldq1nmnv0l77a5km1f1c6tvznb&os_version=&var=5072357&var_3=&var_4=&variable2=6aixzs2TLciAGJUaKcZKRQ&ymid=&z=5072357&offer_id=2025 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
DNT: 1
Connection: keep-alive
Cookie: OAID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; syncedCookie=true; oaidts=1713967750
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 9856a703cd4e730911fa86490b1e94f1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0yi8vuBQitonypOfF7zfpFKMuDwHzp%2BUQVyrOj6AEMm4Qn%2F0MFhJEK3iwpc7Te2SjTwHzKW9nwfCLWWb2xk2r4CQotfvRL4SFUNRO7kjfJO0rB9XG9gvKOrL%2FOZSWc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab67acb2712b-OSL
alt-svc: h3=":443"; ma=86400

| my.rtmark.net/gid.js?userId=mkzirvldq1nmnv0l77a5km1f1c6tvznb | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=mkzirvldq1nmnv0l77a5km1f1c6tvznb
IP: 139.45.195.8:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): e83c6d224fd57f57a64855ac4e8bf73c 56bc310add55a4bd8986d6bb21dd047fd798414c 02c4465038498ece5486d52a621a5da70a072beb250c42f8ff4bf01bd8fe8a61
GET /gid.js?userId=mkzirvldq1nmnv0l77a5km1f1c6tvznb HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ledronin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=mkzirvldq1nmnv0l77a5km1f1c6tvznb; expires=Thu, 24 Apr 2025 14:09:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| ledronin.com/img/comments/finance-survey-people/person-1.webp | 172.67.131.174 | 200 OK | 1.4 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-1.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): c5da2ea294623650bae71fc84401cf60 f1f62ea011cf81953cefe28254c134e992453b91 09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 1402
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYjjbncHMjJi15lD7Xwnoln4Sx9QrsGQDOMDcWyI7JeoUanKrI79CvOMDGmk1AaxSvN%2B5JZnQcq4Jn1oCoiQJTFbghXiI5WYizwCMbCTcxH19PIbQM83elvp%2BfpYG5U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab675c3b712b-OSL
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js | 172.67.131.174 | 200 OK | 12 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (12011), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 97a720cc805d2afba1d18c848124b92e 600abde3f10a7008dcf63a06a38ddcee64d57824 67f19c84ea29e05d552357bf00c539946706d764dbe36d184af3b711ebd663b2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1754.9cd5cec6a6099ad4.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-2eeb"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOVjnF1itXD44CvKEJT9%2F3Ju%2BjRP%2BtuatchkyfRzAwrQ0Rp5UNKoaoPTh5PusdrmxIi0y0oZdY%2F3sIrS70Pk%2FyItGa9Ma82sfOVyyh8BSCX4HhVituZKHxKjI5qvl%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab675c46712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ledronin.com/_next/static/chunks/pages/_app-300835a4e9aacf9c.js | 172.67.131.174 | 200 OK | 40 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/pages/_app-300835a4e9aacf9c.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: issuer Google Trust Services LLC; subject ledronin.com; fingerprint AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (39993), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f3f209219f0234d519122940ffe82866 201086702881a34037583c151ad307c1f0ea5586 d74e2249aae2b85293388cb3577f6932e60bea804e7a1615a0204b9e4f707d1e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-300835a4e9aacf9c.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-9c39"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8CMQ2abKCO4VWPCInhJUsC50gpo%2Be00MIzwYsG77%2FEuElogAowP5X8P5OtJ5%2FMo7VCMTKutdFzgYBJLt4qhOEE2wICyWZ3a0wHoPkQKDSd8F7CZrwJtz%2BFNBty6soJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab645825712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/7903-dd238946c7924507.js | 172.67.131.174 | 200 OK | 32 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/7903-dd238946c7924507.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-7c98"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCvFRK8fA51KnNRFoTwYDrTOJEJE%2FF4eH7gPg%2Bn0oxc%2Fj18KKRIbomzKHjfYIBxx%2F6BootcH7fO%2Bw8ZD7Y5ojDo4jMV33WWei0E5FKvY4pcLMsjzzWSBaM%2FLlzsRT0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab645829712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/2090-5c4f654224750f4b.js | 172.67.131.174 | 200 OK | 11 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/2090-5c4f654224750f4b.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (10772), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 48a7086ede3da4d57eaa11bf2ba435dd a58e6ce70f2675ce2fdcaff04a63d33c4bc0744d 59750f2431678c96646d026ec016eeeb91df7913acfe972f7e9a3110b302dc3f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /_next/static/chunks/2090-5c4f654224750f4b.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-2a14"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMJNu%2FSVmXM9ivSOZ8Kvfg3uhp6pTZU9NhEi3q22JzOZG0EB3J0ZmZslW%2F9vyWMPUYmfusx8X7TJAJ%2FtW73kpSU6D2rjt6U2cOTp%2BJgd3c5Ds2ozdX7vHjm%2FcNXN2nw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab64582c712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js | 172.67.131.174 | 200 OK | 109 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 109 kB (108886 bytes)
Hash (MD5 / SHA-1 / SHA-256): 49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6628e367-1a957"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NErBbas%2Bzxz2uhdc321uJtfdgcy%2B1i2MX8cOkOMwjT6KSIp4DmeImCeywZe0yrMrjZeL7j6iHflPDaps76cVoRB%2FnEhy12f%2FgvJwcpCS6fSlpX%2B9uylPhjlDndvzsrg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab645820712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/5927.10a9d67f6732d4d8.js | 172.67.131.174 | 200 OK | 18 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/5927.10a9d67f6732d4d8.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (18514), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): a430ce709a2b2e9b144810c17115f6c7 b0d435157a5614b2d58efdc0f2b5d94bfbfb5c2b d2461dafb3c86b97148ce5a6fe69d9f050cfe2aba4ba5fa311ebc3349504a7e2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /_next/static/chunks/5927.10a9d67f6732d4d8.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: W/"6629053f-4852"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60vG8jb6cb0atCNevLDdc3DabPIotCk9y2vQnWbHbEZLoBX8GKzXH3jtBqIyIVph97WbcKDgN0TAxg2rks2v4IT1T6jrtelmnfB%2FXbV6LFWmPCGFnBUOBwvbuM4737g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ea97712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ledronin.com/img/comments/finance-survey-people/person-6.webp | 172.67.131.174 | 200 OK | 2.4 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-6.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 7be25941ac032fcec25b1bb4ede296d2 cfc4fb3733844326076b6d7632087204c0bea34d 0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 2440
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JoKsPFcwiQr9HTaBMdckVCAl%2FSkkUqxMKHooIkB6GPEtfn8AMWM%2FS8DP9p6VIV3k79YXwPUIH3NBJZIvLH%2B2dLNQkwYW3D4grGfpCkw%2BnteTiD8yCQ6AXb%2Fi21Jcglg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab66dbaa712b-OSL
alt-svc: h3=":443"; ma=86400
| cdntechone.com/stattag.js | 188.114.96.1 | 200 OK | 19 kB |
URL: GET HTTP/2 cdntechone.com/stattag.js
IP: 188.114.96.1:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject cdntechone.com; Fingerprint (SHA-1) 3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB; Validity Mon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File type: JavaScript source, ASCII text, with very long lines (18452)
Hash (MD5 / SHA-1 / SHA-256): bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6793
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BzvipeTAimPAEWxuOcrRN3vkGoJpJdZ%2BN5426C6iMOmxdGVDACEiWgyBdAyAqGAKjN39YUBsbxIRDQczSN43SdBbWZbnCVx0%2FHGkqOBNus8mbSoNitAtHVuONZBNOMKzkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8796ab67bfccb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
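The cdntechone.com record above is the one that matters most for triage: it is the only cross-site script load in this capture, it carries no HSTS or X-Content-Type-Options headers, and its Link header tells the browser to preconnect to two further hosts (datatechone.com, datatechonert.com) that a defender would want on the same watch list as the sinkholed domain. The following is an added example, not part of the capture or of any tool on this page, that parses records in this export format and pulls out exactly those things. SAMPLE is constructed by trimming two of the transactions shown above to the lines the parser needs; HSTS_MIN_AGE and all function names are assumptions.

```python
# Added example (not from the capture or any tool on this page): parse
# urlscan-style transaction records and extract IOCs and header findings.
# SAMPLE is CONSTRUCTED by trimming two records from this capture; the
# header names/values are copied from the page, everything else is assumed.
import re
from urllib.parse import urlsplit

SAMPLE = """\
| ledronin.com/_next/static/chunks/7903-dd238946c7924507.js | 172.67.131.174 | 200 OK | 32 kB |
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ledronin.com
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025
Sec-Fetch-Dest: script
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
content-type: application/javascript
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: cloudflare
| cdntechone.com/stattag.js | 188.114.96.1 | 200 OK | 19 kB |
GET /stattag.js HTTP/1.1
Host: cdntechone.com
Referer: https://ledronin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
server: cloudflare
"""

HSTS_MIN_AGE = 86400  # assumed threshold: under a day gives returning visitors no real protection

ROW_RE = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|$")
REQ_RE = re.compile(r"^[A-Z]+ \S+ HTTP/[\d.]+$")   # request line starts the request headers
RESP_RE = re.compile(r"^HTTP/[\d.]+ \d{3}")         # status line starts the response headers
LINK_RE = re.compile(r"<([^>]+)>\s*;\s*rel=preconnect")

def parse_records(text):
    """Split the export into records: summary row, request headers, response headers."""
    records, rec, section = [], None, None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rec = dict(m.groupdict(), request={}, response={})
            records.append(rec)
            section = None
        elif rec is None:
            continue
        elif REQ_RE.match(line):
            section = "request"
        elif RESP_RE.match(line):
            section = "response"
        elif section and ":" in line:
            name, _, value = line.partition(":")   # Referer values contain ':' too, so split once
            rec[section][name.strip().lower()] = value.strip()
    return records

def host_of(rec):
    return rec["url"].split("/", 1)[0]

def extract_iocs(records):
    """Hosts and IPs contacted, plus hosts the server told the browser to preconnect to."""
    iocs = {"hosts": set(), "ips": set(), "preconnect_hosts": set()}
    for rec in records:
        iocs["hosts"].add(host_of(rec))
        iocs["ips"].add(rec["ip"])
        for url in LINK_RE.findall(rec["response"].get("link", "")):
            iocs["preconnect_hosts"].add(urlsplit(url).hostname)
    return iocs

def triage(records):
    """One finding string per noteworthy request/response property."""
    findings = []
    for rec in records:
        host, req, resp = host_of(rec), rec["request"], rec["response"]
        if req.get("sec-fetch-dest") == "script" and req.get("sec-fetch-site") == "cross-site":
            findings.append(f"{host}: third-party script pulled in by {req.get('referer')}")
        hsts = resp.get("strict-transport-security")
        if hsts is None:
            findings.append(f"{host}: no HSTS header")
        else:
            m = re.search(r"max-age=(\d+)", hsts)
            if m and int(m[1]) < HSTS_MIN_AGE:
                findings.append(f"{host}: HSTS max-age={m[1]} is too short to be effective")
        if resp.get("content-type", "").startswith("application/javascript") \
                and "x-content-type-options" not in resp:
            findings.append(f"{host}: script served without X-Content-Type-Options")
        for url in LINK_RE.findall(resp.get("link", "")):
            findings.append(f"{host}: preconnect hint to {urlsplit(url).hostname} (related infrastructure)")
    return findings

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(extract_iocs(recs))
    print("\n".join(triage(recs)))
```

Feeding the full export through `parse_records` works the same way, since every record in it starts with the same `| host/path | ip | status | size |` row. The preconnect hosts are worth treating as IOCs in their own right: a `Link: ...; rel=preconnect` header makes the browser open connections to them before any script on the page asks, so they show up in traffic even when nothing else references them.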
| ledronin.com/img/comments/finance-survey-people/person-4.webp | 172.67.131.174 | 200 OK | 1.8 kB |
URL: GET HTTP/3 ledronin.com/img/comments/finance-survey-people/person-4.webp
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 5dc160f6b521dc8f6c670b140b354fed 22e15cda82b532067b99932ec28f86ea2cc1ecbc 09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: image/webp
content-length: 1798
last-modified: Wed, 24 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
etag: "6629053f-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2dBdx7ak3lDtL7U3JQbFfv4RBKRjhFcw%2FqhpUAHFQDzr2eNETHjKWXbDNoAs5lH7EXsMf1Alnk6V3sDvXlsmoQ6uoAtb%2BiVu%2FpV7gcmEYSNq16txK%2BGXQmfod4bmtdY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab675c38712b-OSL
alt-svc: h3=":443"; ma=86400
| ledronin.com/_next/static/chunks/3978.f48a53d50c258a97.js | 172.67.131.174 | 200 OK | 3.0 kB |
URL: GET HTTP/3 ledronin.com/_next/static/chunks/3978.f48a53d50c258a97.js
IP: 172.67.131.174:443
Requested by: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Certificate: Issuer Google Trust Services LLC; Subject ledronin.com; Fingerprint (SHA-1) AF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D; Validity Sun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File type: JavaScript source, ASCII text, with very long lines (3033), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 74bc667253313da76d87a4a986be1be8 9fa4f4b0ef93eb4d387552e257796321d197540f 1c06c61294617665f38c1276deec5d74330236351921feeef0061359cdf139c7
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /_next/static/chunks/3978.f48a53d50c258a97.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=&ymid=6aixzs2TLciAGJUaKcZKRQ&ymid=6aixzs2TLciAGJUaKcZKRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:09:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6628e367-b8b"
last-modified: Wed, 24 Apr 2024 10:48:07 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ic5JKITEilcIcpPVFtYLVXhVkEyiPuSnM0AL5hGP2BJgbfcGgbkpMNKGpFyLgOuyrxWHrQvl5wby7gyGQxLI%2FXdXAlPAgMe%2B1y52Qm16PObV82XexWRJ%2FXnTJvSkro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8796ab65ca5e712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400