| www.qqq1.site/go/592175d3-b144-40ec-81f1-fdc4bde38ff0?visitor_id=810991723105755136&zoneid=6962930&campaignid=8151830&country=NG&connection.type=xdsl&carrier=airtel-ng&device=other&browser=chrome®ion=7&isp=airtelnetworkslimited&useragent=Mozilla/5.0(Linux;Android10;K)AppleWebKit/537.36(KHTML,likeGecko)Chrome/123.0.0.0MobileSafari/537.36&cost=0.009600&os=android&browserversion=123&osversion=unspecified_android | 3.70.16.242 | 302 Found | 340 B |
URL User Request GET HTTP/2www.qqq1.site/go/592175d3-b144-40ec-81f1-fdc4bde38ff0?visitor_id=810991723105755136&zoneid=6962930&campaignid=8151830&country=NG&connection.type=xdsl&carrier=airtel-ng&device=other&browser=chrome®ion=7&isp=airtelnetworkslimited&useragent=Mozilla/5.0(Linux;Android10;K)AppleWebKit/537.36(KHTML,likeGecko)Chrome/123.0.0.0MobileSafari/537.36&cost=0.009600&os=android&browserversion=123&osversion=unspecified_android IP3.70.16.242:443
CertificateIssuerLet's Encrypt Subjectwww.qqq1.site FingerprintBD:D7:CE:79:17:95:1C:E8:67:82:10:91:E7:C7:4F:2E:80:BB:00:5E ValiditySat, 24 Feb 2024 03:55:52 GMT - Fri, 24 May 2024 03:55:51 GMT
File typeHTML document, ASCII text, with very long lines (340), with no line terminators Hash7a81dbaf298565e4edd577f533abbd80 f36f3f00243ca72005545fb1a9144083ba14b717 be94444eddd75fd94102c28cfd895149d6b64541f8109cfad2726623e39dfa88
GET /go/592175d3-b144-40ec-81f1-fdc4bde38ff0?visitor_id=810991723105755136&zoneid=6962930&campaignid=8151830&country=NG&connection.type=xdsl&carrier=airtel-ng&device=other&browser=chrome®ion=7&isp=airtelnetworkslimited&useragent=Mozilla/5.0(Linux;Android10;K)AppleWebKit/537.36(KHTML,likeGecko)Chrome/123.0.0.0MobileSafari/537.36&cost=0.009600&os=android&browserversion=123&osversion=unspecified_android HTTP/1.1
Host: www.qqq1.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty
date: Sun, 05 May 2024 14:28:13 GMT
content-type: text/html; charset=utf-8
content-length: 340
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
set-cookie: bemob-viewer-id=cc44be3c-3dea-450a-a929-7d6b09bed8eb; Domain=www.qqq1.site; Path=/; Expires=Mon, 05 May 2025 14:28:13 GMT; HttpOnly; Secure; SameSite=None
bemob-uniq-visit:592175d3-b144-40ec-81f1-fdc4bde38ff0=1; Domain=www.qqq1.site; Path=/; Expires=Mon, 06 May 2024 14:28:13 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:592175d3-b144-40ec-81f1-fdc4bde38ff0:random:47f1f08ad5a937fa7e69a24113d868b4=0-0-0; Domain=www.qqq1.site; Path=/; Expires=Mon, 06 May 2024 14:28:13 GMT; HttpOnly; Secure; SameSite=None
bemob-click-id=PGEdoQfqbTWo1y1PBeuW2g; Domain=www.qqq1.site; Path=/; Expires=Tue, 04 Jun 2024 14:28:13 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 10.182ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
|
|
| ledronin.com/img/rain/dollars-1.webp | 172.67.131.174 | 200 OK | 10 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-1.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: image/webp
content-length: 10546
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2J0Bhf46UGHTnuMb1Ho226WgU%2BHTU%2FUKfrDG8yWuvZDwUXZgFWZfynAkThQvw22Qy56Is5%2Fr0dyF3QHmNn9seeDU05IUEGT%2BrTnouYnOZZgzVvkvS%2BKhJmHL8ttBvE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a70ba615695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js | 172.67.131.174 | 200 OK | 8.8 kB |
URL GET HTTP/3ledronin.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with very long lines (1604), with no line terminators Hash9b0be0ca64dfcd3470105849ad852e52 686f12cc573767f7acf2253656af0a1930712f02 1eac21475ce5b24fa4383c5e0e2f67c5823986fa2297184968ba91fb0297c6b6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-644"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiTdA8AOkQdg4ilKDdVgB6CXdttKxY0RaXmp31cz7UXHIilMT0hhqomNgCzuz8C3wKG%2BFmNW5fqvFSBbFmqvd7hQ%2FyR5zu%2BQW1F21Ro1UMRI9Hxqg6xqCKmceEcAhDE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7019e65695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/rain/dollars-3.webp | 172.67.131.174 | 200 OK | 5.9 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-3.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: image/webp
content-length: 5938
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HB35wScH1zBdMsg0hgvxcTXrvAM7C5gFdB4uhrM8pShFu6FB8Srx9wd2OrpBcygpuPUtnIpeXftQgGl0rgw583ls%2Bs1hvPi9i65rsR%2F7dngEVgyH9bVB3UlQ8VvrEms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a70ca7d5695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/css/0bc0cde260d08b97.css | 172.67.131.174 | 200 OK | 1.2 kB |
URL GET HTTP/3ledronin.com/_next/static/css/0bc0cde260d08b97.css IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with very long lines (1841), with no line terminators Hashff1d3d5d24ca0172d59b02e7505ddaa1 41e83ee08e21f369886b0fdad0ba01d8b20897b6 939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"6631038c-733"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V8d9rK2%2FI5ridAmuTb5CaKBQFxIaavXy9C7xZINU%2BizzTvQ7QsL5SruH5lgJSvU4Jsk%2BWvg49qQHRue5OHu9SnXN0p9v6WqrFBrbEoi1V%2FXDs2PS4p0VtAu5E9RZ1QY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6ff9ae5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/4981.3c1daeeee82e08ea.js | 172.67.131.174 | 200 OK | 3.7 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/4981.3c1daeeee82e08ea.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (21617), with no line terminators Hashe5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-5471"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NcyzgRjUFJNaNPS5geQ5FySXWk8TqpWL7J3kMnzSlm4r6NA%2BcGj1n5AgkHLAppxvZwThH17BMoVkfdVil0Iy%2B3YPH%2F2ep3%2BGR6F3U3hkbAYnbQ%2ByqE2IVgssfeU8cU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6ff9b65695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=ntpgxbekhrbne7iswaf55z7h0vhl9yny | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=ntpgxbekhrbne7iswaf55z7h0vhl9yny IP139.45.195.8:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash53b17de272cf8a18c24f83dd8dbcc947 fc7224fc61a4d5b7869223254da618e44fa6c0c5 199c1f846d14b8300d57e519cfb834f8149033b52b47192b2bebf36627728c14
GET /gid.js?userId=ntpgxbekhrbne7iswaf55z7h0vhl9yny HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ledronin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; expires=Mon, 05 May 2025 14:28:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:13 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 387
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: e64f5930304995a136dca7b5b8230c35
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ledronin.com/
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:14 GMT
content-length: 0
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/86.1605512c42332a2f.js | 172.67.131.174 | 200 OK | 11 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/86.1605512c42332a2f.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (2846), with no line terminators Hash4454dd8d20da57e5b4febc37bbc817c4 444023ea84fd9aaebd6126ddc692ef85dfd2b76b 67e0c13ad56e50a9388106a54d2e16a566b8aeba3e2b69b08c3accef0c522cd8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/86.1605512c42332a2f.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b1e"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=80WAWkmtpnO9ru7GbyhXXiQLk9Mf9mk5Rctr%2F0B5MvLliBkgk4%2FC%2BfSWyye69NmrAw8ud3iQVbOCr5VFwHUQ55qPlWBCqRWOakhJH4r4k6jTLlJztFS8vev7QE7zoJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b325695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-3.webp | 172.67.131.174 | 200 OK | 1.5 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-3.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha747d227c2e10b5178fd942484301d7a b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be 9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 1454
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08BClQbFxAyRykcGazia67ADLj%2BBbnYbVOL%2Fk%2FIVpEce%2B0QnmpuNqKjoDiBtPtYg2MAUjNOMkOk6AmFTSpeZqB6x%2FTGfDT%2Bd638If2UqKNa2vRzarbHVHU1L8PyEdEw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73adb15695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js | 172.67.131.174 | 200 OK | 35 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/main-beb6af9e60a8e042.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6631038c-1a957"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Il5BmI7OHTU093ycXh8uPSiPaJJajbVoqigeIL%2FfWqQzbIriP8EA930gY4T%2FPmsI2fk66jJDlS6q3V3BVlZVzXyswsCgYZFLg0QfLx0nVivT2UBHwSImvxaE2cSau08%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7009cf5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-4.webp | 172.67.131.174 | 200 OK | 1.8 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-4.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash5dc160f6b521dc8f6c670b140b354fed 22e15cda82b532067b99932ec28f86ea2cc1ecbc 09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 1798
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bU4WK82Gl1%2FpMesRqgcdSUkTl42cXyhOolXsccKg2v0pdqDPmx1ToaC6VqMCWzbXK2k83Y9NbjPHouyS%2BuVoLhnJ4YTddwvVFe9niGk9xnKkYsdcP9IDvQ4Oq429SVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73bdca5695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-5.webp | 172.67.131.174 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-5.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash188dfcdf19da1d86ed162d54ed03536d 98b1baefbb803548b2894547091b4c7773406524 4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 2384
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z2EYI%2BhT%2F6v7k1vgSXlDaDVnpzKl68jWK1hE5bo65LtWgzccHye1zbzX%2F4oz7tKTNA%2BVWlEDwinanqdMdCh3Qx5cQt89ku5wZrQwg9TIFSBaNb6n%2FU5lc1o3VNn6EEs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73adb45695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 407
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 2f2826fbd4f33a9b414f50116d9930e8
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/img/comments/finance-survey-people/person-1.webp | 172.67.131.174 | 200 OK | 1.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-1.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashc5da2ea294623650bae71fc84401cf60 f1f62ea011cf81953cefe28254c134e992453b91 09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 1402
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rXl1WR5IWiYC7uQ5uRlDwDJs8yWUGxMwWHb9PwFKQvo10CKC%2BRmbvSIyhS7W%2BcRv7YH%2BF3nh6HTa1IfoU6QFNIvLdK4tsdIUC%2BsyQrsni%2FC3K6lLW2%2B207uNwdFd5ks%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73bdc55695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/finance-survey/icon-survey.svg | 172.67.131.174 | 200 OK | 736 B |
URL GET HTTP/3ledronin.com/finance-survey/icon-survey.svg IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeSVG Scalable Vector Graphics image Hash9a8ba19b913810bd358e5caf3a7c2a75 6eff5e84f2b82772bb6029088ed852a8161b3252 58b0a3aa24ef605d4b812bcf92cbaa2e7f78bd43f929ca6362bc259da610399a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/icon-survey.svg HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/svg+xml
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VV7YqJbeBQM72T%2Fx0KK15Y%2BnlN18gHBWHPS34leGcF9JJAZfLPu1MypCXIUa%2F9W01WL0cK%2Fxpc%2BQF%2FN9LDmc7IuERJHBDmtasZAYNXiDgztgWjBbyBF9YrsORu%2F4m7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73dddb5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/1754.983ed55293c299ce.js | 172.67.131.174 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/1754.983ed55293c299ce.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (12711), with no line terminators Hashaaadd1fe7166e1641b80d4a871e91a77 44dd71230caa2b99dbe1a804fb3e444fa2dd8255 918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1754.983ed55293c299ce.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-31a7"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSAsV9RguJjc72%2FzLkUUjEERQAlHeSMIVxcRKNndSXJcHaxGeRoAMFLk3fydag2FHHsBmUFcjiRUXI3OEi7iMSutMOdFlZ2ciW7mhOe%2Fuc2PCauwcf%2BwvR2JB%2B1m9PE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73edf95695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 161
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 6936eaa1cd78cdcd1795c4fc85b94e67
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/chunks/2090-519478c186a3d867.js | 172.67.131.174 | 200 OK | 4.4 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/2090-519478c186a3d867.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (10752), with no line terminators Hash37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-2a00"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=63sayvnjyt8IcrCtyiLgK3CmGB50vlseSHscYwtCY0P1uP4dVP63%2F%2B6L60WRbRMrA8IyVcCP4X%2BPGvJDk4UwMjO7u2gERVXJP0koWerpEHBNTD3HR4tUd40XS6BNaCk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7019d95695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/3183.fd81600fd1ec408a.js | 172.67.131.174 | 200 OK | 7.4 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/3183.fd81600fd1ec408a.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (19691), with no line terminators Hash7d35150b72e355e4ea7f1b364b4574fd 93a57b00bfe34fc0b09a4f2fefc438b699855144 17fef67045896f5900aea086d8c13b5a07409942fbac3180c6a8bfe66e86fea9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3183.fd81600fd1ec408a.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4ceb"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWGmTUdHsSho6wJw5v23uDbcMuUPJ3%2BTTAVIav975yHWEiIl2OC1RiAn9RfC7dT6Bk8D65yN2ElAdP8baACRNZq%2FrN5A2SgV8Zwiq3lZIfz%2FThsimAoR7HQIxa%2BSO00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6ff9b95695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/6335.0b3b79af795b69d6.js | 172.67.131.174 | 200 OK | 35 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/6335.0b3b79af795b69d6.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (41407), with no line terminators Hash3dfda233d90a10b7c5cc845a44c2eba5 34507226ff3ec0131f1ce7330cf0423172a98aa6 e8507bf3364ac0352dfd4c6e204bc8c7d79e300182f53dd573d433708f7851d9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6335.0b3b79af795b69d6.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a1bf"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77g%2BmPfPU3tS%2BH%2Fi%2BPAAGe6pqmA23WsGqoYUjrgqZEFfo4lchT1DgHSw6lpoOSCEUDvX9y3%2FNndK0nEMe4Isqbfgfi3cg27ke%2F1ccpmgKB%2BH9ImfeNm7Olz3XRn%2F%2FzA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6ff9bb5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=ledronin.com&var=5072357&ymid=6962930&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f3fb9c60-fd71-49ab-a0e9-ad043107320f&action=prerequest | 172.67.131.174 | 200 OK | 0 B |
URL POST HTTP/3ledronin.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=ledronin.com&var=5072357&ymid=6962930&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f3fb9c60-fd71-49ab-a0e9-ad043107320f&action=prerequest IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679105&is_mobile=false&domain=ledronin.com&var=5072357&ymid=6962930&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f3fb9c60-fd71-49ab-a0e9-ad043107320f&action=prerequest HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-length: 0
x-trace-id: 5eef2a9cfbec79dc700e0c1f8f19b188
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7SRHHi4UnI5RufoJNr1eBPKZhLaLy3CX4RfT%2BtNRTfaiJWG0Op9fR0AzhQYQWOn3i3co90yu1sq6twtswcO%2BeRmjaZJeWLQbxDgXz%2FMiBt%2FDPIxTqghwxHgfjSbZaAQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a75c81d5695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/track?dry=false&request_var=6962930&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&var=5072357&var_3=&var_4=&variable2=PGEdoQfqbTWo1y1PBeuW2g&ymid=6962930&z=5072357&offer_id=2025 | 172.67.131.174 | 200 OK | 620 B |
URL GET HTTP/3ledronin.com/track?dry=false&request_var=6962930&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&var=5072357&var_3=&var_4=&variable2=PGEdoQfqbTWo1y1PBeuW2g&ymid=6962930&z=5072357&offer_id=2025 IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash518fbbd5a95951cd6212498955368d69 f6b781a48dee7d09f5b29745c4ced1397642bbe1 f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?dry=false&request_var=6962930&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&var=5072357&var_3=&var_4=&variable2=PGEdoQfqbTWo1y1PBeuW2g&ymid=6962930&z=5072357&offer_id=2025 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
DNT: 1
Connection: keep-alive
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 42c527782d9ad6fe6f73e2aec36c416b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVlOWGIR9HdWvtn2xpMAx%2FzD1x4B8uofiCaLqOfcj4RHP8eRfXm5VtWRD4FKH5LBQSnYvdjXJUALR8B%2B0hGzMfa%2Fg3IGgqTl%2F0zYoXsNgpUNxuS5fs%2ByhYBYo%2Fp4QuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a74ef175695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/custom | 172.67.131.174 | 200 OK | 42 B |
IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 402
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 263fad3262c1d327fdb899dcb3db122b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gUisES3JHLMHKknuLjnWOyfC0W7yaccBLPOkuuEUZhTcVSjSVljyf51f1HJFuNeiB87PTXw4N8bAOHzrmmwfxyBc%2FH9SVc1jdfOaV2y0%2Bxn5ZzmJFUMP0piNidYgCLg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a75b80b5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashad77cda3e989c63a97903dc1799ce44f 1211f13866f8a90ad8a1fed0879dd2ca49d6341f e58d863ad1b306c4536e9a82a56079c509af4449464cb6f79257b7f0372f9c2f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: application/json
Content-Length: 1806
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ledronin.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| o24257.ingest.sentry.io/api/4506297820381184/envelope/?sentry_key=846ab6d1b9297a0036310793eb8dd024&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 | 34.120.195.249 | 200 OK | 2 B |
URL POST HTTP/2o24257.ingest.sentry.io/api/4506297820381184/envelope/?sentry_key=846ab6d1b9297a0036310793eb8dd024&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 IP34.120.195.249:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerDigiCert Inc Subjectingest.sentry.io Fingerprint60:82:0B:58:64:CD:37:FD:3F:C0:84:4F:0B:69:CF:58:05:15:97:9A ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/4506297820381184/envelope/?sentry_key=846ab6d1b9297a0036310793eb8dd024&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 HTTP/1.1
Host: o24257.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 421
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ledronin.com/rotate?zz=4292526%3B7000967%3B6543082%3B4949467%3B5381242%3B5381316%3B5381307%3B5381339&var=5072357&ymid=6962930&ab2r=&var_3=&var_4=&os_version=&uid=ntpgxbekhrbne7iswaf55z7h0vhl9yny | 172.67.131.174 | 200 OK | 13 kB |
URL GET HTTP/3ledronin.com/rotate?zz=4292526%3B7000967%3B6543082%3B4949467%3B5381242%3B5381316%3B5381307%3B5381339&var=5072357&ymid=6962930&ab2r=&var_3=&var_4=&os_version=&uid=ntpgxbekhrbne7iswaf55z7h0vhl9yny IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd5a1d0cd1812946239c8690dde1a5a6a 0138f205607f23b040b0ec7e14c67d56781c98ee 51930d4721d100093aefe86d08ebca067552130b7ba88e4a0d06ac12a7261bbe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4292526%3B7000967%3B6543082%3B4949467%3B5381242%3B5381316%3B5381307%3B5381339&var=5072357&ymid=6962930&ab2r=&var_3=&var_4=&os_version=&uid=ntpgxbekhrbne7iswaf55z7h0vhl9yny HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
DNT: 1
Connection: keep-alive
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 0eea97e164e8d9876eee995c29c93679
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
access-control-allow-origin: https://ledronin.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; expires=Mon, 05 May 2025 14:28:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xXD3NJTP%2BbxGeLxUSTL9C9rYSSylXoyyUAUCuE0NAi97Nupe2Vw7u8WxCpeBSiCTaYIfKQCvxHLYirvNW1VH9gHtgz5LYjDDYdkLHIsHpgNlZGkuq60b3%2BwalBili3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a74ff3f5695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/sw/universal.js?var=5072357&ymid=6962930&ab2_ttl=5184000&zoneId=6679105 | 172.67.131.174 | 200 OK | 7.9 kB |
URL GET HTTP/3ledronin.com/sw/universal.js?var=5072357&ymid=6962930&ab2_ttl=5184000&zoneId=6679105 IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hash3720f9cee1df8fca36fe99491eab215b 1705d72778aac160278f15d86a8d1aa2bac785bf 08c09c04a09d4a2fe27fc50189a08f18cfe108a3b966d4a36c77819275c0d81d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/universal.js?var=5072357&ymid=6962930&ab2_ttl=5184000&zoneId=6679105 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZY0nO7grMZsmgr383CS8pKPDArhouOErbLN39a%2BxLBDi%2BaMhuwLRVyUoKAVDPACfHVm8wG4CuhxN4Uan452N26HeLw%2FKTFrtNBoDxGyeyTSTzNDDND%2BCCyjYb2Obhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a75b8105695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/812.72b1b2774f5e091e.js | 172.67.131.174 | 200 OK | 13 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/812.72b1b2774f5e091e.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (13123), with no line terminators Hash4746cb9c76676e766e71dc6aecb5136f bb22c941272fd23ba014218396b7f9eed51e84de faa62724f265c4355b761202cf48980bedbbfa4a8c8c044468e0024ddf1d0059
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/812.72b1b2774f5e091e.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-3343"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WkSSZsv5PsF%2BhI7YjlFq5adeXMQc%2F2BtoPpt1Bz4yH5CXlNhn9HRhdgimXjyPSeIkU2WM28%2B6uxK13knwQpHQSh6W%2FlmY77vVvS%2Bs6YVb0ipSHMUXdkUuuEiytV1bU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6ff9b45695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/favicon.ico | 172.67.131.174 | 204 No Content | 0 B |
IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Sun, 05 May 2024 14:28:14 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CWwysyqX1shbGOA%2BG8kli0jO0o%2BJSnRYQTAAuqGnF0v9KC%2FcD0VY2mhpFkYnJBRD4N6bs%2FrUqIPMlRQe7v6Dmd1R7SDh%2F1lOURMcbafj616urx%2ByOe3QQxUyji0OG0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f16a746e975695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/3091.8141ef861c4fae96.js | 172.67.131.174 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/3091.8141ef861c4fae96.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (2431), with no line terminators Hashaff0a51ad60c666bf1f7f27ddff14217 9677799390dc5667eeda431957d59b25d6a40946 f495db20d41fe12519423d9776481cd5c3f1dabc346ea304b8a7201b032d4e87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-951"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cbypSidRyV9yibfkqsFni3Nd9QKU126B1nCyis8bDBzRDRG%2B65ea2AS2MyyHSHWzHbW5YgY7mNGOjP3X%2FnECYR%2FKvbgR4K6l59RRviZ7OEIWajP90V%2FN5Qv0sODO4Ks%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b3c5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=6962930&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 | 172.67.131.174 | 200 OK | 37 kB |
URL GET HTTP/3ledronin.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=6962930&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5072357&ymid=6962930&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ntpgxbekhrbne7iswaf55z7h0vhl9yny&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=ledronin.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Cookie: OAID=ntpgxbekhrbne7iswaf55z7h0vhl9yny; syncedCookie=true; oaidts=1714919294
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAUByxKHo92f7xZ4eX9tx2ZvuGqVP0ZVFRD5lh4I2jwhnUi6U15ipgCLuYpCtKDYmoiAadUwgojVUrzXXTMhhydIIRJNIcuhPL27hoaBwyuk5atM%2BZohQ6A%2BK4PDHTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a750f515695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/webpack-c63afe4326372fa8.js | 172.67.131.174 | 200 OK | 6.3 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/webpack-c63afe4326372fa8.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (6507), with no line terminators Hashb4f4daa4446e65050b8af39fb465e9cc c922010fabb2e409bf1ac29f10563652f06f55aa 318ebdbd0768c4e17a59236e31a5a86a05769131d5e5637d55f78eb3f153d720
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-c63afe4326372fa8.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1875"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MW4IC2MlXCgoB8QdQ%2BJliMJlZoY%2BVLR8EPvkb79ww8p6l9VqMLn84FqHmj5utWJklEbXmPQ3MEpWtdyOmuzPSBvjq49NCeH5KcRvxy8RTYsbcczKiOWU3ECJTu0vB2s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7009c15695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js | 172.67.131.174 | 200 OK | 925 B |
URL GET HTTP/3ledronin.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (939), with no line terminators Hashe370c58940efd9305daf2c9601a7da0d ac6f3895617e4817d7bf86b7c637a231b13a12b7 acba948084ac297d876a066617c1a4c6d9f5a664d43514af605a4c6d1fe37315
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-39d"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMh0dlyhg3xGG9K1SiZr2WDoaEVakL3QtFoo8a7D1tJvREqkztInY%2Fm%2F0AS0Ut0ynEfoaDzLV3yCCgAOCic2kVFazVgVckTt8Qc1lVcwaRhQzMdWus8zvfVKAcYwauA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b365695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/comments/finance-survey-people/person-2.webp | 172.67.131.174 | 200 OK | 2.2 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-2.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash8f8ffbb278de1342e5cf44cd0c677c23 1b4b4428e409479cc8a8acfce6f537c2aeea7556 ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 2220
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVpZuQOfkFk3t9RuCA%2B8qZkF9UeomQfdk5VwTqTFqRhc1ioU%2F7hukm1uhAlXClmsUIi5k5zyuWaxCYrirOi3HOUcU4iOEAEcB%2FLxWiRQwOSkn1rJHCM2L6RDyvPRz20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a73adb75695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/framework-8940d626f3bfb7e9.js | 172.67.131.174 | 200 OK | 26 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (25995), with no line terminators Hash33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-658b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dMAinBBYWbY1wbKyLd%2FN30YIf%2BDFmz7JQ10XwDqplBH%2F4RSUyuv49miv%2Bsrx5%2BSEiaiARU1OdxzHJaSRGJvkf9Qwx%2FftmhN%2Bf9atm1yTTiLj7495N3yiX4ooiypBPZo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7009c35695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2c315093-f7e5-4435-80ff-ea80d938b8be | 37.48.68.71 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2c315093-f7e5-4435-80ff-ea80d938b8be IP37.48.68.71:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash6949f52318584a4b51c719a9b84a7287 9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905 72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2c315093-f7e5-4435-80ff-ea80d938b8be HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1437
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 05 May 2024 14:28:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ledronin.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| ledronin.com/_next/static/chunks/810.3c8446ab4166aeac.js | 172.67.131.174 | 200 OK | 3.0 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/810.3c8446ab4166aeac.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (3075), with no line terminators Hash89aad15398a24ec92ac08d6463d4908a 2d0cb315034a49a9911b5e2944032eebd24dd191 4ca508ccfb1bf3aecb96b235882533a777359352dad1ddf4f13e6986bc548870
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/810.3c8446ab4166aeac.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-bb5"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXNjo6ux3PAHHu66XlZm1SbaOB3XBpT%2BEvZpESJXATfVnxH8moFeEieT4PwZw0VqXvUddGiMWeyx4NJn1Ad5Z%2F4mSNbz4f7nY3nRa3dsSmMD6FdHbRCtc%2F1Rtv5M18g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b345695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g | 172.67.131.174 | 200 OK | 40 kB |
URL User Request GET HTTP/2ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g IP172.67.131.174:443
CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: text/html
last-modified: Tue, 30 Apr 2024 14:43:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t3XP2eUznM6MgL%2BqxugPeGT4rnfMS2ML84ch3Z4NugoD248eMVnkLB54EU7puAukKC6PnSbgmaHpR01B7GPhzx67vO%2FAUavxnVvz8JhrqHWVswP%2Fy6GHfUuIilGBfrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a6dbad756b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| browser.sentry-cdn.com/7.108.0/bundle.min.js | 151.101.130.217 | 200 OK | 78 kB |
URL GET HTTP/2browser.sentry-cdn.com/7.108.0/bundle.min.js IP151.101.130.217:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGlobalSign nv-sa Subject*.sentry-cdn.com FingerprintF4:BF:96:D1:20:5D:BA:52:63:EB:1F:F7:56:39:FA:81:01:A3:64:DE ValidityTue, 01 Aug 2023 14:42:24 GMT - Sun, 01 Sep 2024 14:42:23 GMT
File typeJavaScript source, ASCII text, with very long lines (65446) Hashe8b9b14c26da487b1f60b6d83de21679 baf0e15e8a66d5f9a3941c795c879966d46b7394 ea656e60afb1837bad760edf51698f5f3d763875dad7342fba8b079acc0a980e
GET /7.108.0/bundle.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ledronin.com
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Sat, 22 Mar 2025 09:20:12 GMT
last-modified: Fri, 22 Mar 2024 08:50:10 GMT
etag: "31b0198dce84c8fb94a01597ce4fd852"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 May 2024 14:28:14 GMT
age: 3820082
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 26058
X-Firefox-Spdy: h2
|
|
| ledronin.com/img/comments/finance-survey-people/person-6.webp | 172.67.131.174 | 200 OK | 2.4 kB |
URL GET HTTP/3ledronin.com/img/comments/finance-survey-people/person-6.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7be25941ac032fcec25b1bb4ede296d2 cfc4fb3733844326076b6d7632087204c0bea34d 0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:14 GMT
content-type: image/webp
content-length: 2440
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AlfzOQcoAH0cFAekVZydYnlX8H9D4ev5wGxYUZ1H3DHyxw6LsQShrxwyLxE5WaMc1phYo4KC5W9Usw8xYcfG9zhUuTkN0XXjjcmXGkjUdje%2Fw1Z25pPefcDW%2BksZuwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a739dae5695-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdntechone.com/stattag.js | 188.114.96.1 | 200 OK | 19 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP188.114.96.1:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LCpqhpoFqL3wJvozzeqJD3XZLWTyVbPCLqX8veeOVHV7L1ix1ee2N5dRcqQ%2BSHjQVuWvyb%2B2PHv8LvNU7j4cQereFfqgOVkzARPR4%2FyLGtscdEWZDukeR2jFpkGhAEdEng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f16a72a87756cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ledronin.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js | 172.67.131.174 | 200 OK | 182 B |
URL GET HTTP/3ledronin.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeASCII text, with no line terminators Hashca6aa05f78eb6859347a61db067f16dc 444e70f53eb809f0920de921925d854baccdd251 11ca6f5cc9bc3b5e4021fe0fdad57091b6e8b54a5018672cf9d8b6a7e4f0e229
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b6"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lef4lCGkijMrKVxPnHJN5zkO2%2FZh7zMOMELO0IvS%2Bm3Vh5DVemcAIhmtn4WF6%2FuSMaw8SxTCqL7dkGGJMcP3zX6cghIxhDQsKbOH4sGOfPpEUhGEGlr57MxXQZCyRoo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7019e75695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/7903-dd238946c7924507.js | 172.67.131.174 | 200 OK | 32 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/7903-dd238946c7924507.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (31896), with no line terminators Hashb5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-7c98"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWoAmFA6q%2Bok4%2BLRkU9PJg3hWJWIj%2B1amKxjH%2BUvEcyK5q4BvyqEWN%2FhtHVbEe6MHxjsJNrBs1HGRfLauPmC8DvCqlTs%2F6tVjMBe54MNdsj4RVRUzdd6s2OVd5c4UlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7009d25695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/5927.37a5338b8ac59a08.js | 172.67.131.174 | 200 OK | 19 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/5927.37a5338b8ac59a08.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (18708), with no line terminators Hasha385421104bc74c949dc4c6191ef7df9 30827209462e4ce7b901e71b238109574cc117ba 441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5927.37a5338b8ac59a08.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4914"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EsbfbWaa8u%2Bjxh1wMLgVNJUefRDJFrboqjjeNGi98%2BEJcl5Dz3PGZjBiOjaywXRCxzXziB7FFPIL4%2BO8y0Oif70xWwHNGHcAEpu%2FeqY90x%2Boy%2ByZLIgI8TPswRrOBk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a71bb635695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js | 172.67.131.174 | 200 OK | 67 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash8288efc1729193ab69e39ae227fb924b b6cda864edfa8126c902b5de80229790a6f9be15 070ce71e2510a99695b81a839821823ddf3b49213f166212641fcf98adfef3f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/802-3e1f59b7c0fe3ef9.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-10749"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdBN%2BFz87j6wew5AURE01V8YPIjgU7Kf%2BXjc1IE1%2BBeAcRAOuDyjPFSyBIJlLxn2NXBa2IRXWY6BmG9AgwgGUPOzDN3seFKuoE2C5GBjPlrQW4x58zaZ%2FpfDCjUdYZs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7019db5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js | 172.67.131.174 | 200 OK | 4.1 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (4219), with no line terminators Hash98132c6c771aec065d3ab61e5c8c0f53 56484dafed6218ea17ef047fc8cd4c5a342c1890 ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1033"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GkUGnegEzN%2FCVd9qyfUqNzn9X2AU8x%2F%2BC0EzG1E6Ja1Z32PzkmyeYgC0znQMzjbQ9mKgtJPuJOaeMynfVR55JIyH09SZY0xB5tUJGjR%2BLIZmkKzKaITDXhVZuF9eHkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b315695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/6223.36a8be3b6724c1ee.js | 172.67.131.174 | 200 OK | 3.8 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/6223.36a8be3b6724c1ee.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (3870), with no line terminators Hash1d892f4ab084b8290d79dcf9ec65b79a 17b0c18b7201dd8eb4bbd3db5be2f1d784000948 77e68c0c19f773bcf939398361c922509f29268cea7afe93f3f7050183115e14
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-eee"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mB6qwijHn7Jo71H3yBWOTPkipubu5iK5Z37aw9%2FVa0vrIdDiIryyczEB%2FZZWKVvCb5MFcKk88wo0U%2FGzlFNmXqpiph%2FilvnBoawikAcJLttmYkpEO1%2BTpL6J05usLDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a718b385695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js | 172.67.131.174 | 200 OK | 42 kB |
URL GET HTTP/3ledronin.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (41515), with no line terminators Hash92ee35a274faa2df0c68f0def06a750e 8131ecf1752dbf3591bf213855896b2618f48734 47929dce053ec819a11270e42aaff07b95e02ee29513b8f5b73cf75f6cdeddd5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-7ac21b6c354dd447.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a22b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UbZR4zeyFQokJQl8aogSTzb2dBiFeDPE54wnGvAadW1AilUu%2BG54IbXnMzT0SUcPCEYelgDjH6Xn7f3KRM9BslOqI5LoA%2FIZu6oNmvSQIaxep7wp4vUu6dlyZvmlGdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7009d15695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js | 172.67.131.174 | 200 OK | 661 B |
URL GET HTTP/3ledronin.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeJavaScript source, ASCII text, with very long lines (665), with no line terminators Hashf8e52c06430c8d613af8c236a1972a4a 8ac071e6c0908ee068e453ae47a6598d733d9a1a 7f75dbe159ba344bd4495842a3c902c147703b5f4835885f3a9e13f879cdcddc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-295"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iw%2BdQf01gF%2FLJENBBeEjeIuwrgIwosH4yQ8CombyZQKP%2BrIoUmB2gU887Q3HQeq2rWdKeuixDF9uY3Uim6ejiHGE9jX3KbfAAaWK5sU%2FZ71WV9xjkbDOYYbBemB%2BIec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a7019e05695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ledronin.com/img/rain/dollars-2.webp | 172.67.131.174 | 200 OK | 8.1 kB |
URL GET HTTP/3ledronin.com/img/rain/dollars-2.webp IP172.67.131.174:443
Requested byhttps://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g CertificateIssuerGoogle Trust Services LLC Subjectledronin.com FingerprintAF:38:E1:84:C8:27:77:3F:A5:A5:6F:4B:D2:0F:7D:DD:36:7C:1E:4D ValiditySun, 14 Apr 2024 02:12:10 GMT - Sat, 13 Jul 2024 02:12:09 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: ledronin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ledronin.com/finance-survey.html?z=5072357&offer_id=2025&var=6962930&ymid=PGEdoQfqbTWo1y1PBeuW2g&ymid=PGEdoQfqbTWo1y1PBeuW2g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 14:28:13 GMT
content-type: image/webp
content-length: 8140
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pu5%2BRtFZXNeo073so%2BtA%2BjDBmHC5eKCf3ChpZHmjx1GrauxNrBLPKDWqU1oqqsWr9F%2FVnDA2L3XzTT1B4cxiYFMawZG35MRBzxv8p6jD5PnK2tMnZcGg3FmwGr%2B0koM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f16a70ca795695-OSL
alt-svc: h3=":443"; ma=86400
|
|