| www.intromedia.online/go/74042076-5fe5-4083-9ea3-245e04871316?cost=0.005500&visitor_id=812087192573714432&zoneid=5548992&campaignid=8147509&survey_exit_type=social&country=CO&connection.type=satellite&carrier=claro-co&device=other&browser=firefox®ion=10&useragent=Mozilla/5.0(Android14;Mobile;rv:125.0)Gecko/125.0Firefox/125.0&osversion=android14&os=android&browserversion=125/ | 35.158.71.179 | 302 Found | 340 B |
URL User Request GET HTTP/2www.intromedia.online/go/74042076-5fe5-4083-9ea3-245e04871316?cost=0.005500&visitor_id=812087192573714432&zoneid=5548992&campaignid=8147509&survey_exit_type=social&country=CO&connection.type=satellite&carrier=claro-co&device=other&browser=firefox®ion=10&useragent=Mozilla/5.0(Android14;Mobile;rv:125.0)Gecko/125.0Firefox/125.0&osversion=android14&os=android&browserversion=125/ IP35.158.71.179:443
CertificateIssuerLet's Encrypt Subjectwww.intromedia.online FingerprintB3:7D:E7:1E:95:97:4C:BD:BF:27:27:CD:E7:11:9D:E2:DF:6A:55:EA ValiditySat, 16 Mar 2024 17:20:47 GMT - Fri, 14 Jun 2024 17:20:46 GMT
File typeHTML document, ASCII text, with very long lines (340), with no line terminators Hashe607cacfcdd431d860fa4ca21f812150 85f207e43cdbd70a22217394aa8ef32c571ba37a 213b426237fcade244501c8ec323cbe9c0cbb3556508b041020061b6b605ec27
GET /go/74042076-5fe5-4083-9ea3-245e04871316?cost=0.005500&visitor_id=812087192573714432&zoneid=5548992&campaignid=8147509&survey_exit_type=social&country=CO&connection.type=satellite&carrier=claro-co&device=other&browser=firefox®ion=10&useragent=Mozilla/5.0(Android14;Mobile;rv:125.0)Gecko/125.0Firefox/125.0&osversion=android14&os=android&browserversion=125/ HTTP/1.1
Host: www.intromedia.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty
date: Wed, 08 May 2024 19:23:59 GMT
content-type: text/html; charset=utf-8
content-length: 340
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
set-cookie: bemob-viewer-id=d5f810a4-061c-4dc9-89f0-1dac358d4cc7; Domain=www.intromedia.online; Path=/; Expires=Thu, 08 May 2025 19:23:59 GMT; HttpOnly; Secure; SameSite=None
bemob-uniq-visit:74042076-5fe5-4083-9ea3-245e04871316=1; Domain=www.intromedia.online; Path=/; Expires=Thu, 09 May 2024 19:23:59 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:74042076-5fe5-4083-9ea3-245e04871316:random:ea49b68f004904f779e1f0fefae022e2=0-0-0; Domain=www.intromedia.online; Path=/; Expires=Thu, 09 May 2024 19:23:59 GMT; HttpOnly; Secure; SameSite=None
bemob-click-id=HRUa5MFsqB5LDasZGfVjyC; Domain=www.intromedia.online; Path=/; Expires=Fri, 07 Jun 2024 19:23:59 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 58.888ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
|
|
| ledronin.com/img/rain/dollars-2.webp | 104.21.10.179 | 200 OK | 8.1 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-2.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: image/webp
content-length: 8140
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPY6QOz3vYGyWgx%2FjtxE2uE6E56%2F3gLsaly%2F4W9jZ8VSdQ12gI3bbGq0jXUou2fKZVJmBffXaSh03I8X3jslAAV62qFHxrfdcHtnaRL%2BLFg7v0uMm0MKckdBfm973Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d28a3a56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/rain/dollars-3.webp | 104.21.10.179 | 200 OK | 5.9 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-3.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: image/webp
content-length: 5938
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SlLgAFAAvulDxkfTgEsCdstfOppPd7%2BmkMNY%2BH5w3yvPvCNfGIADAoBV8yAaormRCmcrprGotD%2Fe1ssUABVKkiZERdrVgOTnQQvxGGEpUjD6HQrk2GebRNbDNYFpdsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d28a3b56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/rain/dollars-1.webp | 104.21.10.179 | 200 OK | 10 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-1.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: image/webp
content-length: 10546
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6498
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9hr1hYgx1cV2uiDS7hMR7XiOISN7rutswdodRni12npAoFoLCpEEk%2BGm4IJhKhWaBmVVq0NJip34wBV9YbLwjIv6iA2jbofiG5R6%2F7%2B0m8wKB5f8XxtUcK6qIIf3hlw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d28a3356af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/86.1605512c42332a2f.js | 104.21.10.179 | 200 OK | 6.7 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/86.1605512c42332a2f.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (2846), with no line terminators Hash4454dd8d20da57e5b4febc37bbc817c4 444023ea84fd9aaebd6126ddc692ef85dfd2b76b 67e0c13ad56e50a9388106a54d2e16a566b8aeba3e2b69b08c3accef0c522cd8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/86.1605512c42332a2f.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-b1e"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6498
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YsLvYHipMExEuLELn6NEXrUl8GOur0b6HdBHt3KbDvniAZ1TOxSIFVYgb8fy%2BmzXBWtmI4MhLeoTaP5V9a%2B6sshbz4OQbCXmUsj1q8PLr3H64tHLmEHP37YzDIoWhnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d31b4756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js | 104.21.10.179 | 200 OK | 33 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"663b93d6-1a957"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HLhX%2FTGCd6nYsEUS0PsnVoOG2UEeWhQu%2FpoXnruu7D%2BKfiwDm6vxC9S3blS9KfK0d8zdc3UwbhgAp7i9Ks9eG%2BiLRF%2FNuYAioBZfp9JDuvQqRSjBJiRPZz64Lqno59A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b90156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:00 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js | 104.21.10.179 | 200 OK | 4.5 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (4147), with no line terminators Hash48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-1033"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6498
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QFcGZBJGSnqqdb1ooEXEtVlzNbvktLnABJxbi100IU4ERzA6kHc8C7Ey4Ea36c08ZeFs4i33uuVuqd1fnP%2BHysPNS7AUlufxrPdIZul6%2BwGZdirvzUb0CJaQ2j8lOag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d31b4156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/8904.3483b96ff749863d.js | 104.21.10.179 | 200 OK | 532 B |
URL GET HTTP/3ledronin.com/_next/static/chunks/8904.3483b96ff749863d.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (924), with no line terminators Hashcee832bf81efb1456d5d0148340d4637 a791d742d92ba54e70fe68f8b2d8474f12ea6c2d 7e36e894299f94c6da4448278a029a296d4de03c4b5273f5ce97ad63a9aa7ad0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/8904.3483b96ff749863d.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-39c"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TQjUGGZZU9KKNcHrLXKlOBxclowCRdmon7lcnZm%2BoVNpxwxtHrD29NP4J4QZtVQStXtdjSYnKBX2%2Fzti22BquJRpDGDO5Qs6dsHYEGk%2BySgcONPRsvSbRJbpkTG6CQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d32b6b56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/4981.98665b45028a0071.js | 104.21.10.179 | 200 OK | 4.6 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/4981.98665b45028a0071.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (21726), with no line terminators Hash963a96f3908cb0596a226aeffe14dc34 de18095da054cddf22de10621d3d3c343be3cb3d 7520dd595fc911b1a1633b08bf17bd808f548bf71d727190b8292ac2f24be570
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/4981.98665b45028a0071.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-54de"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PP%2F2vt0rf5ysDLLzOUgaU1oztl%2FqauIHPUt9qIZbaAcOietxdyy6r3gZska%2FCnR8eG88PNewZlLXB%2Bfplth3tllbqQHdod79hRBwNo5UPAsOMJ5SuVPOMjFknl50tag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8ee56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/pages/_app-86b8656d77bdf985.js | 104.21.10.179 | 200 OK | 13 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/pages/_app-86b8656d77bdf985.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (42030), with no line terminators Hash9ced022534116c6aac35ccd0395dd456 71b5b37be93f8f8d6a4337d176e8c986b31b3d64 ed34b5751c10720a7314bd1eb3afc8ba171548d59f9f0377830baa0a7552a03d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-86b8656d77bdf985.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-a42e"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6uvduo9tg18fQrQQp8697rHGmF%2FYU8aKyFNsNBATE8wO2%2F9w32YmX2tjyoxf%2Fwg9WvwWovle%2BIquchSPG0OZSHVCgqVrNRx7xdFRTrI2oh4p23uVf887go0%2FCPmyX8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b90356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/6223.f75ac61ae8ab7ac1.js | 104.21.10.179 | 200 OK | 11 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/6223.f75ac61ae8ab7ac1.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (3821), with no line terminators Hash63e42624a0a2e938e43c9f253bdd2af1 6c4bd2c6c56338138db1d18413a1e333c08d6a40 6a5a6b8e03f61bbb48eb6c298071e6d028dda863efd959e45eefb94cef57ac2f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6223.f75ac61ae8ab7ac1.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-eed"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3c0T33byLMTmcLjyzTrHD5EvkPqlMl9AJ3MiBdeRYm%2B1BIENNvGMIBaEZNq0jx8nDWHVeElnoJJ7x%2FFdnWnyF4gNXkRJ6wYijwLHhdnTg4Z8jRWFkRCeZVEAosyp5o4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d32b7b56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-6.webp | 104.21.10.179 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-6.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7be25941ac032fcec25b1bb4ede296d2 cfc4fb3733844326076b6d7632087204c0bea34d 0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 2440
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hXT7JBzZHgMHR8LsKLQhSn13SGdo%2FYV9vTF9ioBZyFIGfxQ2RdXF%2F00Szqxz4XcASo5UHyPevSLuVp%2FFcZ1mmU3TKW5Sj4fbx%2B4Y6cZgS8p5w%2BTDtclCQrVzIBTjbv8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56f9d56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-4.webp | 104.21.10.179 | 200 OK | 1.8 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-4.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash5dc160f6b521dc8f6c670b140b354fed 22e15cda82b532067b99932ec28f86ea2cc1ecbc 09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 1798
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hz4St3yrjsTtrudXB0AFInoToivOGFX4xGmFi%2BhHr8cq%2B5y%2Fp6hLJEcirFpMv6vYhD8FXhi6u%2BQ8qlfi%2FfyhJdO%2B6M4UcStq6t3eI5vuB8o5RlLgIeGGCdbZ06wAGL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56f8a56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-2.webp | 104.21.10.179 | 200 OK | 2.2 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-2.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash8f8ffbb278de1342e5cf44cd0c677c23 1b4b4428e409479cc8a8acfce6f537c2aeea7556 ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 2220
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6sx4QXIGlQm8gz3nxdrsvqLLTOohktcUKIj6x06pVf8RC1y4jhduSVItKMogY9xJB9LvhCbIw5GkBNH56Qdz2npFwLHxjO5HV6H7WgJlPMN6g%2FkZkwNQi1nwpPdihg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56fae56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:00 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 407
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 627e6d094f5f37eb0a46728189da84a6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/812.72b1b2774f5e091e.js | 104.21.10.179 | 200 OK | 4.8 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/812.72b1b2774f5e091e.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (13123), with no line terminators Hash4746cb9c76676e766e71dc6aecb5136f bb22c941272fd23ba014218396b7f9eed51e84de faa62724f265c4355b761202cf48980bedbbfa4a8c8c044468e0024ddf1d0059
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/812.72b1b2774f5e091e.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-3343"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYqL77v%2B8IIpiITq6hLomCuR76TLUtvPouRA9EKK%2BBP059GoD17E7SVJXbDeN2TUY%2BJjU4fCC%2BnNDZpP0ZAx35yiGQ2Zs1pQGZUJtf79gFYo8M9Q4AJEunPUIAAzPwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8eb56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 161
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 05adab1219e4eab3209232cdfef80cb8
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-5ff423d12141b8b9.js | 104.21.10.179 | 200 OK | 66 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-5ff423d12141b8b9.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (911), with no line terminators Hashf9749b57d51cdaf05842e266e0dd5469 155cbb73d53ba10bc29a2f1fb51495a9a343006b 94516b08da544c857d9b2a5bff821b6bc27bc4103cefefc223b411743b54a070
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-5ff423d12141b8b9.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-38f"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHEiNNI%2BTE73PXVd9xGXOV8%2BVIn6lvvfcI%2BmfGJ21ajdtaEJf1yvg0RQYWAB8GCg6IOWKxPjLREjiRYJU8GPLnftSnAp%2FrOjbQUI8ytdCdtzVz1%2BMELYR2hXLm4WfFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1d90e56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/6335.23134a4078413df8.js | 104.21.10.179 | 200 OK | 9.2 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/6335.23134a4078413df8.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (41438), with no line terminators Hash6af3330d53b2cbd6bb73dc28c7f8945f 48669b6ee437c7d3cd11428559f2d55a9e3dfcfb 064ee4c4a06bda63a460e165286286c9022b00beb47c8bc30d49b56c9cf994da
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6335.23134a4078413df8.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-a1de"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9LRpomFv2qMfZX3gIq1bXA3IP%2FKFX75dQ1lJCdEDzHFE%2FPljv0SjjwEg3AYNepa3iD3QKOrRaei8shbK0yQyOIyphV%2FoBhkmbjsWR4MT0iPMEF4tEwraK4smFSbDDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8f756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=55be7e8c-ee97-4e93-90b3-1cc940c54a45 | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=55be7e8c-ee97-4e93-90b3-1cc940c54a45 IP139.45.195.253:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=55be7e8c-ee97-4e93-90b3-1cc940c54a45 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1437
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 May 2024 19:24:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ledronin.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| ledronin.com/zone?&pub=0&zone_id=6679102&is_mobile=false&domain=ledronin.com&var=5072357&ymid=5548992&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=d335b2b2-2706-4767-b3ce-45d10366dab8&action=prerequest | 104.21.10.179 | 200 OK | 0 B |
URL POST HTTP/3ledronin.com/zone?&pub=0&zone_id=6679102&is_mobile=false&domain=ledronin.com&var=5072357&ymid=5548992&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=d335b2b2-2706-4767-b3ce-45d10366dab8&action=prerequest IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679102&is_mobile=false&domain=ledronin.com&var=5072357&ymid=5548992&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=d335b2b2-2706-4767-b3ce-45d10366dab8&action=prerequest HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-length: 0
x-trace-id: 297384828a654fac8ae23ce7e536c589
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=suSnyQj9qQWbplFjgGVf0HZxIFGEn82T7wb4ttcL95%2FGwsFf89A3%2FZ3nPY6h1LxsaYs6UZqnsPSbLNWm2B2IrngsQSXcBr6zd5dcmZhfBWy6G%2BEpOdJ6g%2FyHK982mh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d7dc5256af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/favicon.ico | 104.21.10.179 | 204 No Content | 0 B |
IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 08 May 2024 19:24:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4214
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BTQuNY8EBSpj84hBbabViOyZZQbY0nLMzVZlLFRzuuQrDuK6Z%2FFa7TOUs0alzJgNZg7qZjSQ%2FeVdZ3iVp6EcOrYbBypyQ16S0FP9BgskvmOhGZSiONzhuBhX%2B38GND0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bd3d98fc356af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC | 104.21.10.179 | 200 OK | 8.0 kB |
URL User Request GET HTTP/2ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC IP104.21.10.179:443
CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (23799) Hash290906670e44128206886790f2ec2906 f75a356e6f074241cfd1b843e2d39bb606d6b63e 1e6778cbef0618c10a864819d41f8636529298d69f5b4551f96378a57da07ab5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: text/html
last-modified: Wed, 08 May 2024 15:01:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BEtqbJNefCqhCE9ShwCWQh16TpW9IBlMu5gOsGMTHo5SKq9t1akU3MuJSU6JlTph0kdxXnKjiv7xiRsCE4FC2YsEXbk3xn7wy9WLPV6bCgQ7OftX0VCq6TYuZmHEsk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3ceb89a0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash584d6610e3d40f7afe5bcc4863dfa4b8 9f8cbfb41c832cb3a4802808d561e43b3329cffc 4af64c491267c4b6675e3b5c4c6dd287c5a025310b6177bd243bc048aabb635e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 1806
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:01 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=44JqE8Q2W241G0Yli8117OStOrw-slbEN28DzQuBeSYcUWoz3DLtQZItjoMAW659fj0xPGRAa_qkiIxAMZofVNMFwB5Xbjg38T9YUqwadP2i8kNuf7mpyq0dvxYtTe9c
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 19:23:23 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 54
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/webpack-05581b877cc00a6a.js | 104.21.10.179 | 200 OK | 6.3 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/webpack-05581b877cc00a6a.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (6510), with no line terminators Hash5a1bebb2c36a522c4caaf03c9a5841ef 614d24d0201e1829b94fe11e2e955e8b851a8ba2 a109437d847c0630da2947b50d730e01e90cac02262f4c77fe1fa2c66e7c8526
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-05581b877cc00a6a.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-1878"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LkLIBDHMSe%2BIMlmcJcDq%2FKHdZzUZtQX9b3Baa464l0p9OfOtg3rBvLBAmMl3SwTgx%2FE1BaOGWETEBNM8H92UsSn4OO%2B24PuXLOK9ZTK0E1WMIweAQ6TuLrP5FnTB0%2Fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8fe56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/css/0bc0cde260d08b97.css | 104.21.10.179 | 200 OK | 1.8 kB |
URL GET HTTP/3ledronin.com/_next/static/css/0bc0cde260d08b97.css IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with very long lines (1841), with no line terminators Hashff1d3d5d24ca0172d59b02e7505ddaa1 41e83ee08e21f369886b0fdad0ba01d8b20897b6 939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"663b93d6-733"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5i38GvdNCBLaoNgmxZm7OP9F8DOpnBCuLlKBZFczxJgCdZoWX5v5nUJvn9jkGwqLvnSpmAFW5GAXVWxZtcaocw5q9xH8klqARFpkAN6uTLEHVCtV1lvKm%2FpCawLD8Ng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8e856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-5.webp | 104.21.10.179 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-5.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash188dfcdf19da1d86ed162d54ed03536d 98b1baefbb803548b2894547091b4c7773406524 4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 2384
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxZGF6OL%2F%2BV1Wvt9OfgQL8N0tZSas5V6Xb6G%2Bv8H5IW2wjaPlwsDNVE1CXQhWtlp5g8QfNieppRrwR%2B%2BMJhHyZbkugVo5Kdorc97lQJ5iimaY6cEPPmPIH8B44Q5xcQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56f9056af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/finance-survey/icon-survey.svg | 104.21.10.179 | 200 OK | 2.7 kB |
URL GET HTTP/3ledronin.com/finance-survey/icon-survey.svg IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeSVG Scalable Vector Graphics image Hasha000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/icon-survey.svg HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: W/"663b93d6-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4834
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUhIdwRYoVD%2BhFSL%2FUO%2BQYKtHj0mrM427PbNgNcbmXJ6bjuxntD5Yqo3zhVa1pXhwndBcm75LDuhnIzy1b0RIyHQtLGFBhD11EuACBBgeu9kgSRsnW5kZr7inVHOxek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56fa256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/1754.983ed55293c299ce.js | 104.21.10.179 | 200 OK | 13 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/1754.983ed55293c299ce.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (12711), with no line terminators Hashaaadd1fe7166e1641b80d4a871e91a77 44dd71230caa2b99dbe1a804fb3e444fa2dd8255 918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1754.983ed55293c299ce.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-31a7"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=surkN2SJJP9RXeYemUK12qdvSi6oJWFN%2FkNAH0HyMRfUfo3iU57ilHm0g7Q%2BJXK4qSdh9TQ8VtHrH%2F88ck%2FwMPKbMGel%2B9UFuZMN4SqKCP0JHYKbxGL%2BVJBgnyZMTls%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56fb256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/custom | 104.21.10.179 | 200 OK | 39 B |
IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 34e25af129417472764fa113a08e2bc0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2Sy7CcickW9w0J%2FBPwC2AX%2BYmSWvT%2FbjbG26D2Fauy43omyypdc9pFDcsSRurwxNFBMUiUFp5TcDO2q5iUawvXV9MEUMBE%2BDFQk49GqiIj9d2xzOFd%2BLgXgFdMxbAQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d7ec6056af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/3183.87e68b3f84319ef5.js | 104.21.10.179 | 200 OK | 20 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/3183.87e68b3f84319ef5.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (19690), with no line terminators Hashd9840411ae61fd6b9e6cd8784762d3a6 b778a026f81eab0fb136426d8ef139455b75467c 29a4d99c0031c5605e9e8abb84e678041d68fc461a20a17907a5901f6b246b83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3183.87e68b3f84319ef5.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-4cea"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2BmdF7qagoHzYxx1Ej3lh3nlq0RZ%2F1MXQg3j7kg8LjD0ZNKQzUM0%2FHBXPmlxMmBETL7veaMuO5Tdvkp%2F6ecPB0RQShkDzyRgxzrlRjW%2BPzbmdeoJlxk%2B4C%2F5WMCXa2w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b8f256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/2090-519478c186a3d867.js | 104.21.10.179 | 200 OK | 11 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/2090-519478c186a3d867.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (10752), with no line terminators Hash37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-2a00"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=prftk5UvbmdUwnX602tGvW1ikGVccrHmJoM0DbkJBghOgXi8l9ENLmBEIXxN6nGEATV8Z8kpXztxpT%2FCGzQVo%2BhkbjyIPq%2BFPVlQ85Wy4A8rw8hveNoEJVys72vKcyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b90856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/KF_2PsOaUjAWUN4z9o3jF/_buildManifest.js | 104.21.10.179 | 200 OK | 1.6 kB |
URL GET HTTP/3ledronin.com/_next/static/KF_2PsOaUjAWUN4z9o3jF/_buildManifest.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with very long lines (1696), with no line terminators Hashf2be6cff3afaefa780b3704bb1fcb908 b2e148f8f54399924722f46f93e4d3fa5a3bc071 63d67546301401b8cbb879d40d55257bf00fe11cff8010144135101392897e4f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/KF_2PsOaUjAWUN4z9o3jF/_buildManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-644"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqolYONDt3bdLlaEDAWugPAVTahd4dP1tjsdt%2FqIwBsMHcEAXejCINM95UTx8SLPI5bHNkLn75KTK%2FlKEHsFo9SzYQH9IHRu2N7EenB0eRd%2Fz6GWLXvBMygeK3RSFUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1d90f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-3.webp | 104.21.10.179 | 200 OK | 1.5 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-3.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha747d227c2e10b5178fd942484301d7a b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be 9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 1454
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGYTyCR5l77mx53AVwWVYv7EverxNhMEjHEwlm9VF3wI2N0Q8yml7%2F4kmYFAyvm%2FIPnU18n1ysy6DDgzmBzrmoPNswrU4R9mo%2B0oMz9T8xFiJ%2B%2FxpTD9cOro4W5%2B4TY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56f9556af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/track?dry=false&request_var=5548992&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&var=5072357&var_3=&var_4=&variable2=HRUa5MFsqB5LDasZGfVjyC&ymid=5548992&z=5072357&offer_id=2025 | 104.21.10.179 | 200 OK | 182 B |
URL GET HTTP/3ledronin.com/track?dry=false&request_var=5548992&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&var=5072357&var_3=&var_4=&variable2=HRUa5MFsqB5LDasZGfVjyC&ymid=5548992&z=5072357&offer_id=2025 IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashe6246b04b7d99b675f7086e756e1f242 9f3b5f5cb9b34830dc20448a0acc83bcce5d2727 5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?dry=false&request_var=5548992&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&var=5072357&var_3=&var_4=&variable2=HRUa5MFsqB5LDasZGfVjyC&ymid=5548992&z=5072357&offer_id=2025 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
DNT: 1
Connection: keep-alive
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 68ac91e14a884a99bba9d7a8b71c07d0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AzsX5iejWODLMht7%2FyXK4SgZzRUfqoI8SC2NO8yDP5xbhG%2F0N8m3YpbiQBDwyW64IdI2CAKcPHEO18Jowz7A9dmKHqqHp7R0xrohx02JsGworaANRTumvUTY7%2BX5vPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d689ba56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/custom | 104.21.10.179 | 200 OK | 39 B |
IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 402
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 242cf22d4d950da3cd107d490ff3fb41
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sECYYVdBieKn%2BhFabOVplO1HQButhulmECs8lIL8Y5Y1ViMpfHg4FIi%2F4fGqb5TJsxVCYkQ1t25RP0vgAV4PuSTja%2FWPZEFmfXFIn9W7PsP7nUiKgVk7vrP0uuHhB3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d78bba56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=5548992&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&btz=UTC&bto=0&z=6679102&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 | 104.21.10.179 | 200 OK | 37 kB |
URL GET HTTP/3ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=5548992&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&btz=UTC&bto=0&z=6679102&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=5548992&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=q9mc5em1ccjl4rnrebrapkvqgk82r094&os_version=&btz=UTC&bto=0&z=6679102&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F91INX%2BtvSndt2sdiA93HXvHGKw0itr%2FHAgTgWwquJCmdub95vf3F5Ytszhvt%2Bb9Krp6ebvjp7Ov0jxPCA5k56ExCNcx6Qxutv%2F2ocPG%2BqUXExW7pab91nfgmMS%2B%2FbE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d689cf56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/5927.37a5338b8ac59a08.js | 104.21.10.179 | 200 OK | 19 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/5927.37a5338b8ac59a08.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (18708), with no line terminators Hasha385421104bc74c949dc4c6191ef7df9 30827209462e4ce7b901e71b238109574cc117ba 441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5927.37a5338b8ac59a08.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-4914"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5ic4wq%2BA4%2Bydx4p87%2Fmz0%2Bkbn9o8q76mWb%2FjzMRmGWAzunJWTVOkpI1cm2ejUpKamUu8hi9iWULKoNma7eq5F29FcqWtV%2BCiFvLO3LPV0NwiNlbdtEF69LOuD%2BCS3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d33ba356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/custom | 104.21.10.179 | 200 OK | 39 B |
IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 405
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: ba11d79ef39716d06a74f9f983bdf22d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HPzB0D%2FqWfdrObUG%2FZyzxk4zWQJkSStRqgrn9F2%2B7iFwy8Q%2Fy1jgmNYzdyT2b31iA6jrwSsNWcoz%2BI%2FBi3tvUNfW54jUcanxXIBQXRWppoE4qB1Cij9plQCivxrEwGk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d7cc3556af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/framework-8940d626f3bfb7e9.js | 104.21.10.179 | 200 OK | 26 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (25995), with no line terminators Hash33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-658b"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W97nnK56JiqDnrrf0ZvJjVF%2F%2FPkhEo8PZfVNNk4FhMFuRVrY5vi2gEXiK0%2F0%2B0TCSjvwpInc7vzpdfuCrGDV9pJUGhZnaW5eLX1puZHP1XXLRfzhY3k%2F3%2FpZT1Mxba8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b90056af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/810.a0608c12f2123e1d.js | 104.21.10.179 | 200 OK | 3.0 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/810.a0608c12f2123e1d.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (3074), with no line terminators Hash6cc4490ccff791f29be9ad2e2c0e83b3 ede3303c45d0de176f97822066b186d4e0ca603a 6e703777488800dbe82363bf1e4afae683f2743079eeca4b3119c21eb2f542eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/810.a0608c12f2123e1d.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-bb4"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iL%2FNEgM4zzUtM%2F1ZsFVsvABeRJ4u%2BkPm5MLT4pIh8AXIIy2XtlP0I8sDH2opLNaVaqSI3e50qsSXt2Bqk06x2vyhDRld%2BDBuxlZabu%2Frnq%2FNPbZf5QXqU8rsNP0r1wo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d31b4f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/KF_2PsOaUjAWUN4z9o3jF/_ssgManifest.js | 104.21.10.179 | 200 OK | 182 B |
URL GET HTTP/3ledronin.com/_next/static/KF_2PsOaUjAWUN4z9o3jF/_ssgManifest.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with no line terminators Hashca6aa05f78eb6859347a61db067f16dc 444e70f53eb809f0920de921925d854baccdd251 11ca6f5cc9bc3b5e4021fe0fdad57091b6e8b54a5018672cf9d8b6a7e4f0e229
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/KF_2PsOaUjAWUN4z9o3jF/_ssgManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-b6"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a2C0F4x1TGjws9XGFpGdSnbJ4s0G3XTbTZxW2kb7QcJS4zYJGsJtt4Eg%2BYRbgrZzQDiQdcGxWYDP1VoykAZlvxxqcEB0fZAhInw09%2FM%2FYsY2z%2BfnME6%2FPRO2mCB31oM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1d91356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=q9mc5em1ccjl4rnrebrapkvqgk82r094 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=q9mc5em1ccjl4rnrebrapkvqgk82r094 IP139.45.195.8:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashdd501ffe0e6ddb56364ded55292aed64 b8c13d3699d1015075604a0793bae199681bdb23 7b67a42b028a598b63ef65f30f90c6777a9d4699406d56b234b3c7a5f164195e
GET /gid.js?userId=q9mc5em1ccjl4rnrebrapkvqgk82r094 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ledronin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=q9mc5em1ccjl4rnrebrapkvqgk82r094; expires=Thu, 08 May 2025 19:24:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/sw/universal.js?var=5072357&ymid=5548992&ab2_ttl=5184000&zoneId=6679102 | 104.21.10.179 | 200 OK | 1.5 kB |
URL GET HTTP/3ledronin.com/sw/universal.js?var=5072357&ymid=5548992&ab2_ttl=5184000&zoneId=6679102 IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with very long lines (1540), with no line terminators Hash5edd43e1c6126829925eb36cdbaf7af3 e1baae48011f9077aa37e6ab31d4604d41aec303 38945b2621b28329b93e77cc757db7e8def95dd4f4ba1c13862018da2df83411
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/universal.js?var=5072357&ymid=5548992&ab2_ttl=5184000&zoneId=6679102 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: W/"663b93d6-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Mihp6HKWE62eowT%2Bl7Wubxisf5Z7h5SeIIfVtisgkYL4UTqytxO05rFb%2BXS3GDmR75%2FInsr0o8vW43YpG%2B%2FCk04KL%2Fw1J1N1u2EbR0nRbApoHza52y7fOQx%2BTN2csI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d78bbf56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/rotate?zz=4292526%3B7000963%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=5548992&ab2r=&var_3=&var_4=&os_version=&uid=q9mc5em1ccjl4rnrebrapkvqgk82r094 | 104.21.10.179 | 200 OK | 5.2 kB |
URL GET HTTP/3ledronin.com/rotate?zz=4292526%3B7000963%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=5548992&ab2r=&var_3=&var_4=&os_version=&uid=q9mc5em1ccjl4rnrebrapkvqgk82r094 IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (5287), with no line terminators Hash306566605503ff3261159f38a564c02d fe78a0eef3e56ef56a26643ccbdff6864f4c5052 012486deaef60fe0650b473d996cb681f57506ae9e7d81f5b0014c5f39cb7d25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4292526%3B7000963%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5072357&ymid=5548992&ab2r=&var_3=&var_4=&os_version=&uid=q9mc5em1ccjl4rnrebrapkvqgk82r094 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
DNT: 1
Connection: keep-alive
Cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; syncedCookie=true; oaidts=1715196240
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:01 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: d63e4d7564cc380fb0b2e0e8e250ee79
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://ledronin.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=q9mc5em1ccjl4rnrebrapkvqgk82r094; expires=Thu, 08 May 2025 19:24:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZ1iyUEXSEx%2F0LY7J5%2BVN7%2Fxcgz7usynLvXuagAIRWo6V2M8U1KgsTHjeGVCRaQfBBjJXRtodE9Hsv11ehhaSeZTtjIhxpuRnM%2BwJng4M1g9jUezLomvo17w%2BURL8tY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d689c756af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/3091.8141ef861c4fae96.js | 104.21.10.179 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/3091.8141ef861c4fae96.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (2431), with no line terminators Hashaff0a51ad60c666bf1f7f27ddff14217 9677799390dc5667eeda431957d59b25d6a40946 f495db20d41fe12519423d9776481cd5c3f1dabc346ea304b8a7201b032d4e87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-951"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CbZxfAimCvCG1M3IAB%2BDpgL%2BPiXadoIDz8qDvNCE%2FkEqtWvnNmnRD1ooWg45xQMR4WSKUNAaVKOR1tV5q3VYTn4v86l6eMuXuMl3MmRfsBj1tr1hgg94wp6XiqIcAX4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d32b7f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdntechone.com/stattag.js | 188.114.96.1 | 200 OK | 19 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP188.114.96.1:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2954
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yeQVzXkpVrbKYAiJBNBBMldqQF2VJib1x8q45x0HVcc8lbtqnbhWiMk6daD%2FtGscSgUNjuv6SK0pbXaWeUJZhqSgkz2uPwap3xszF25JL0IxCCIprb8cdxPIuSDXfQM0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bd3d41d23568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ledronin.com/img/comments/finance-survey-people/person-1.webp | 104.21.10.179 | 200 OK | 1.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-1.webp IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashc5da2ea294623650bae71fc84401cf60 f1f62ea011cf81953cefe28254c134e992453b91 09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:24:00 GMT
content-type: image/webp
content-length: 1402
last-modified: Wed, 08 May 2024 15:01:42 GMT
vary: Accept-Encoding
etag: "663b93d6-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2dpZGnCIgolQhK0NU2zE2UV9rKQRh9OGPMIX3j8LCZlF27QnNRg0LIizMlNFKMCaQIfVVG7bBqZvt%2Fo7VztWD%2Fta65SZm%2BIdppbmdCrPEBHhybcHGdSEni96cSIAuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d56faa56af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/7903-dd238946c7924507.js | 104.21.10.179 | 200 OK | 32 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/7903-dd238946c7924507.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (31896), with no line terminators Hashb5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-7c98"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5Kl0%2FnDIFO75gDy7f4PG3OPgPQUZ1x0C8O9xnfxPtKyqmLsU7qcecx3YI4e%2Bi9W1ASH%2F1x9fYcdFp3WPPnlvnP68SRmWBjzEWICpGlZBMMqEeLwQ%2FHbqnQ4tf2a7t0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1b90656af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/802-fc6c2b0de6438662.js | 104.21.10.179 | 200 OK | 70 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/802-fc6c2b0de6438662.js IP104.21.10.179:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashbf935c8564cf6e7a803e5adc588f2f95 ef051af348959420802d02a5b75db92c3fb890fb f1c9ed5f31148c7451bcd03b563e3716e37bcd9a0f20d2aea45fb7d1337926d3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/802-fc6c2b0de6438662.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=5548992&ymid=HRUa5MFsqB5LDasZGfVjyC&ymid=HRUa5MFsqB5LDasZGfVjyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 19:23:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"663b93d6-10fb2"
last-modified: Wed, 08 May 2024 15:01:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sukMRyPLE4mSvAY4MfYSQGlwkOeQ35PaKc0dVP0%2F8uS11QnW8yrISX2rv3%2F4mbtf67NbjcI0lpunf2RpM50g6aHV%2FioyLcAAK4XwpOpmlKMgqF2f1eJJQmJq2RGdYhg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bd3d1d90d56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|