Report - adbluemirror1.click/o/612528/53328360?s1=

Report Overview

Submitted URL
adbluemirror1.click/o/612528/53328360?s1=
IP
104.21.75.126
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 02:39:06
Access
public
Website Title
Participate in Our Exclusive Online Survey: Share Your Insight
Final URL
lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
106

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-03	459 B	743 B	139.45.195.8
cdntechone.com	64371	2021-12-24	2021-12-24	2024-05-03	398 B	20 kB	104.21.36.146
go.smartorfast.com	unknown	2024-04-18	2024-04-22	2024-04-26	555 B	502 B	34.91.234.242
lougroan.com	unknown	2024-04-22	2024-04-26	2024-04-26	26 kB	552 kB	172.67.169.116
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-05-03	2.0 kB	3.3 kB	139.45.197.248
datatechonert.com	46154	2021-12-24	2021-12-24	2024-05-03	568 B	480 B	37.48.68.71
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-03	2.0 kB	2.2 kB	139.45.197.250
adbluemirror1.click	unknown	unknown	No data	No data	497 B	1.4 kB	172.67.175.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	arleavannya.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	arleavannya.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	arleavannya.com	Sinkholed
2024-05-04	medium	arleavannya.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed
2024-05-04	medium	lougroan.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	lougroan.com/_next/static/chunks/main-beb6af9e60a8e042.js	109 kB	2024-03-02	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/main-beb6af9e60a8e042.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-02 21:14:49 Last Seen2024-05-18 17:15:37 Times Seen713 Hash 49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4 Loading...

	lougroan.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js	42 kB	2024-04-26	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 14:10:32 Last Seen2024-05-07 09:27:07 Times Seen378 Hash 92ee35a274faa2df0c68f0def06a750e 8131ecf1752dbf3591bf213855896b2618f48734 47929dce053ec819a11270e42aaff07b95e02ee29513b8f5b73cf75f6cdeddd5 Loading...

	lougroan.com/_next/static/chunks/6223.36a8be3b6724c1ee.js	3.8 kB	2024-04-13	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/6223.36a8be3b6724c1ee.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 13:54:11 Last Seen2024-05-07 09:27:07 Times Seen238 Hash c1f7e2120e9f45cf822bbe5e23ab5711 e5ab7ffa55c8122915c064b4e81387ff71ca018c 492f9bfb9b36328df2670323687dbb0d0ac9499199fe5bac3c7eb91dde9a34aa Loading...

	lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=810814261229786272&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000	37 kB	2024-04-25	2024-05-15
Pretty URL lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=810814261229786272&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000 IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	lougroan.com/_next/static/chunks/3183.fd81600fd1ec408a.js	20 kB	2024-04-26	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/3183.fd81600fd1ec408a.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:40:57 Last Seen2024-05-07 09:27:07 Times Seen289 Hash 7d35150b72e355e4ea7f1b364b4574fd 93a57b00bfe34fc0b09a4f2fefc438b699855144 17fef67045896f5900aea086d8c13b5a07409942fbac3180c6a8bfe66e86fea9 Loading...

	lougroan.com/_next/static/chunks/7903-dd238946c7924507.js	32 kB	2024-03-21	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/7903-dd238946c7924507.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 14:18:29 Last Seen2024-05-18 19:16:14 Times Seen933 Hash b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5 Loading...

	lougroan.com/_next/static/chunks/3091.8141ef861c4fae96.js	2.4 kB	2024-04-24	2024-05-15
Pretty URL lougroan.com/_next/static/chunks/3091.8141ef861c4fae96.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:14 Last Seen2024-05-15 10:39:48 Times Seen416 Hash 8de4ecfc18371e9af83a020ad48a4839 f4cfd9509facd189f8e3487426a36cecfc77c090 954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64 Loading...

	lougroan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js	26 kB	2024-04-25	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-18 19:16:14 Times Seen817 Hash 33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555 Loading...

	lougroan.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js	67 kB	2024-04-30	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 19:35:37 Last Seen2024-05-07 09:27:07 Times Seen221 Hash 8288efc1729193ab69e39ae227fb924b b6cda864edfa8126c902b5de80229790a6f9be15 070ce71e2510a99695b81a839821823ddf3b49213f166212641fcf98adfef3f4 Loading...

	lougroan.com/_next/static/chunks/1754.983ed55293c299ce.js	13 kB	2024-04-25	2024-05-16
Pretty URL lougroan.com/_next/static/chunks/1754.983ed55293c299ce.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-16 10:26:21 Times Seen600 Hash aaadd1fe7166e1641b80d4a871e91a77 44dd71230caa2b99dbe1a804fb3e444fa2dd8255 918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a Loading...

	cdntechone.com/stattag.js	19 kB	2024-02-07	2024-05-18
Pretty URL cdntechone.com/stattag.js IP 104.21.36.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 19:13:47 Last Seen2024-05-18 19:16:14 Times Seen1230 Hash bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a Loading...

	lougroan.com/_next/static/chunks/4981.3c1daeeee82e08ea.js	22 kB	2024-04-02	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/4981.3c1daeeee82e08ea.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 14:06:39 Last Seen2024-05-07 09:27:07 Times Seen362 Hash e5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84 Loading...

	lougroan.com/_next/static/chunks/2090-519478c186a3d867.js	11 kB	2024-04-25	2024-05-15
Pretty URL lougroan.com/_next/static/chunks/2090-519478c186a3d867.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:30 Last Seen2024-05-15 16:30:11 Times Seen724 Hash 37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37 Loading...

	lougroan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js	661 B	2024-04-30	2024-05-08
Pretty URL lougroan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:34:30 Last Seen2024-05-08 10:54:27 Times Seen183 Hash 277a97cfa8751f2eac57de60434b437b 9834fe466692865ccbe9a6aed4b57b0a0947aba3 f157395e1d5a2d7f75b801b761e419e990275ffefe3f7a768fbb51ea52d24ef7 Loading...

	lougroan.com/_next/static/chunks/86.1605512c42332a2f.js	2.8 kB	2024-04-24	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/86.1605512c42332a2f.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:40:39 Last Seen2024-05-18 19:16:14 Times Seen469 Hash 4454dd8d20da57e5b4febc37bbc817c4 444023ea84fd9aaebd6126ddc692ef85dfd2b76b 67e0c13ad56e50a9388106a54d2e16a566b8aeba3e2b69b08c3accef0c522cd8 Loading...

	lougroan.com/_next/static/chunks/9270.11c63feb0694543d.js	11 kB	2024-04-27	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/9270.11c63feb0694543d.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 01:41:14 Last Seen2024-05-18 11:04:52 Times Seen50 Hash 01ead0d6c1755cb5c26d0f26bf52678a 046ec4186ad3a9df0240837f0ac8275adf65eb24 9b97e6068e9c4989bed1565a5658e84cab168e46c05464c9bf1cf9bfa99b91bd Loading...

	lougroan.com/_next/static/chunks/6335.0b3b79af795b69d6.js	41 kB	2024-04-30	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/6335.0b3b79af795b69d6.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 16:25:39 Last Seen2024-05-07 09:27:07 Times Seen210 Hash 3dfda233d90a10b7c5cc845a44c2eba5 34507226ff3ec0131f1ce7330cf0423172a98aa6 e8507bf3364ac0352dfd4c6e204bc8c7d79e300182f53dd573d433708f7851d9 Loading...

	lougroan.com/_next/static/chunks/webpack-c63afe4326372fa8.js	6.3 kB	2024-04-30	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/webpack-c63afe4326372fa8.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 16:25:07 Last Seen2024-05-07 09:27:07 Times Seen164 Hash 6755b063bbe76414a7e1ae9cbbcb06c3 837fa01eee3bad11e2c839e1c34d360f15a65350 9298d7a0dcbc9bc7c6c8cd105543200fdeca2bc827bf03600e9257151e926416 Loading...

	lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js	1.6 kB	2024-04-30	2024-05-07
Pretty URL lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 19:35:37 Last Seen2024-05-07 09:27:07 Times Seen165 Hash 9b0be0ca64dfcd3470105849ad852e52 686f12cc573767f7acf2253656af0a1930712f02 1eac21475ce5b24fa4383c5e0e2f67c5823986fa2297184968ba91fb0297c6b6 Loading...

	lougroan.com/_next/static/chunks/810.3c8446ab4166aeac.js	3.0 kB	2024-04-26	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/810.3c8446ab4166aeac.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:40:57 Last Seen2024-05-07 09:27:07 Times Seen220 Hash 61131b8a333b875509fbe8f240ff4d62 93b25ff9783f3321a0408cdf69f686f6c439dec0 b01211f54977d65f26a1cf9dd30c9c4e251ad34fc09cfb176259b40af4f0f83d Loading...

	lougroan.com/_next/static/chunks/6037.086d113a52bb6dae.js	1.2 kB	2024-04-26	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/6037.086d113a52bb6dae.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 08:50:24 Last Seen2024-05-18 11:04:52 Times Seen37 Hash ecb3413a820e90a02da866703decea54 942a5b6bace7e074d7d3f659443ccafc6bab9fdb 164d125334ef313d6b02f2935e8de09924e8df11aa5847daff03dfe893c8ced5 Loading...

	lougroan.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js	925 B	2024-04-09	2024-05-07
Pretty URL lougroan.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-09 23:02:31 Last Seen2024-05-07 09:27:07 Times Seen256 Hash 3d657d2d17983fccaac3b0512a0f9460 06faa560e966627855c424e23fbb0bb5aadde083 b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e Loading...

	lougroan.com/_next/static/chunks/2734.6269ca0cf725ea17.js	4.1 kB	2024-04-24	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:54:43 Last Seen2024-05-18 19:16:14 Times Seen492 Hash 48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5 Loading...

	lougroan.com/_next/static/chunks/5927.37a5338b8ac59a08.js	19 kB	2024-04-25	2024-05-17
Pretty URL lougroan.com/_next/static/chunks/5927.37a5338b8ac59a08.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-17 11:53:47 Times Seen625 Hash a385421104bc74c949dc4c6191ef7df9 30827209462e4ce7b901e71b238109574cc117ba 441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be Loading...

	lougroan.com/_next/static/chunks/2375.8acee6c083146147.js	5.4 kB	2024-04-25	2024-05-18
Pretty URL lougroan.com/_next/static/chunks/2375.8acee6c083146147.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-05-18 11:04:52 Times Seen41 Hash b7eed164f7ab90f807ca06a204f33810 a58a92f443967e0f552d88f5f2a4853dcb584a66 8ec83dcbb23a710a8df315e73059d065c1db40547f8c28d551b66c6b1d62f607 Loading...

	lougroan.com/_next/static/chunks/812.72b1b2774f5e091e.js	13 kB	2024-04-30	2024-05-09
Pretty URL lougroan.com/_next/static/chunks/812.72b1b2774f5e091e.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 16:25:39 Last Seen2024-05-09 15:45:18 Times Seen301 Hash 4746cb9c76676e766e71dc6aecb5136f bb22c941272fd23ba014218396b7f9eed51e84de faa62724f265c4355b761202cf48980bedbbfa4a8c8c044468e0024ddf1d0059 Loading...

	lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js	182 B	2024-04-18	2024-05-13
Pretty URL lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js IP 172.67.169.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:58:16 Last Seen2024-05-13 15:57:50 Times Seen453 Hash d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517 Loading...

HTTP Transactions (58)

URL IP Response Size

go.smartorfast.com/click?pid=434&offer_id=20016&sub6=Cdb29380c0e4a8&sub2=434_612528&sub4=0&sub5=20016

34.91.234.242

302 Found

0 B

URL User Request GET HTTP/2
go.smartorfast.com/click?pid=434&offer_id=20016&sub6=Cdb29380c0e4a8&sub2=434_612528&sub4=0&sub5=20016
IP
34.91.234.242:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerSectigo Limited
Subjectgo.smartorfast.com
FingerprintBA:89:6E:52:8E:15:10:32:B9:38:F7:B5:1D:3D:C1:97:D7:41:3D:9D
ValidityThu, 18 Apr 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=434&offer_id=20016&sub6=Cdb29380c0e4a8&sub2=434_612528&sub4=0&sub5=20016 HTTP/1.1
Host: go.smartorfast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 05 May 2024 02:38:40 GMT
content-length: 0
location: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6636f1305980a00001d36742; expires=Mon, 05 May 2025 02:38:40 GMT; secure; SameSite=None
afoffers={"20016":1714876720}; expires=Mon, 05 May 2025 02:38:40 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

lougroan.com/_next/static/chunks/6335.0b3b79af795b69d6.js

172.67.169.116

200 OK

19 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/6335.0b3b79af795b69d6.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (41407), with no line terminators
Size
19 kB (19277 bytes)
Hash
3dfda233d90a10b7c5cc845a44c2eba5
34507226ff3ec0131f1ce7330cf0423172a98aa6
e8507bf3364ac0352dfd4c6e204bc8c7d79e300182f53dd573d433708f7851d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6335.0b3b79af795b69d6.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a1bf"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KaKaRQuuTTd756wYlMpUq%2BsPTZnUltUrgWlUU5C%2F0mk1yX8LD6amxpW1JP4ZY%2FCqTpAfzZ%2F%2BpMdl3UgO%2FjTiWV4MaH1Sxa%2F7b3Pm9egJSLlFDMn1blOU15B701JSzzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12c8feb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/css/0bc0cde260d08b97.css

172.67.169.116

200 OK

8.9 kB

URL GET HTTP/3
lougroan.com/_next/static/css/0bc0cde260d08b97.css
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
ASCII text, with very long lines (1841), with no line terminators
Size
8.9 kB (8859 bytes)
Hash
ff1d3d5d24ca0172d59b02e7505ddaa1
41e83ee08e21f369886b0fdad0ba01d8b20897b6
939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"6631038c-733"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWerYYd9Rq4iQmmRUfh0Dw%2BoEWQ9fVQaP4f6xIzxO%2Bh4oZ8ZTstz%2Ffxis5uRpdBlAqSUYBvVFvQCjaYNn4GaPqLtqSU1tNUBfXMWFPrVXMHf2Fu%2BpftCSkXtG%2FuggsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12c8f6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/main-beb6af9e60a8e042.js

172.67.169.116

200 OK

38 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
38 kB (38293 bytes)
Hash
49c6f57370e917bd37dc7d4d4d0bdb56
f5b56f5b9498f3500055c5614808903d85303991
0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6631038c-1a957"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HESk9d%2FBd3VUP81swKu5kr8d2o8vVDqm9yMJV505zGEpfZyUyE9iTAgQbms1czVUIjFDplxnlfCKsRisP4KN1mW4lac6uZ1hN4%2FgFKkrfmFaVRDHlvcNNZReqAWTdg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12d908b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/4981.3c1daeeee82e08ea.js

172.67.169.116

200 OK

12 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/4981.3c1daeeee82e08ea.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (21617), with no line terminators
Size
12 kB (12413 bytes)
Hash
e5a18eccb2797e5391d6ce697f63eaba
fd0cfa9d1d8af22b690973928c5d65b6be83389b
865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-5471"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNJn7z417j3MIlH7J08%2FmYEod5RTpf%2Fyxvbe%2FoeT5m4bKvMAO4HVJ8lCkPb0AkhGg6uNdCvFDK4dNtRUk9TsMNluJbzTzR7nm2Susho12MTohwEHGIiLx6KsLOkWkQ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12c8fab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/2090-519478c186a3d867.js

172.67.169.116

200 OK

4.7 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/2090-519478c186a3d867.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (10752), with no line terminators
Size
4.7 kB (4742 bytes)
Hash
37545926cc9a6e537b9f3e95d7a16c1e
c3cbfe1f9737817eda25770274e97feaf6b8cc68
d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-2a00"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4dMgRLIz5qggHx0s6uu7kQOlwvQunyg24JmPmKhBu5atujgfpzz4i3tF%2FMLwh0DF6wCD0YZhj491ZF3lXjzL8FI7NPu9Ko4nruMCaPVTMC0soNw49daxQta8lbFGig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12e90eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/webpack-c63afe4326372fa8.js

172.67.169.116

200 OK

8.4 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/webpack-c63afe4326372fa8.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (6261), with no line terminators
Size
8.4 kB (8399 bytes)
Hash
6755b063bbe76414a7e1ae9cbbcb06c3
837fa01eee3bad11e2c839e1c34d360f15a65350
9298d7a0dcbc9bc7c6c8cd105543200fdeca2bc827bf03600e9257151e926416

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-c63afe4326372fa8.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1875"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FuC3zkBHrI8A3HKMAZ8QzGGUs87QmLnZJ5SMVviOLOkYyt1blbL8pTjj34WfGTtvsSQocU8xF5MgTFUr3vtYbsPtIE7EC4aGB6Oz%2FlOO5JwBAFeIsc0yxB5pT%2FeCp50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12d903b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js

172.67.169.116

200 OK

606 B

URL GET HTTP/3
lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
ASCII text, with no line terminators
Size
606 B (606 bytes)
Hash
d78f02cd11637a888af548f5e270c3af
9c90b573305ec9d6d2e7e74837c641a863d991b4
2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b6"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNxElLoQIK0yjHMNdBrsZYHlxsBwphfjVe8P9hKuIieOpVwupf3i1u3uKywAz9wyrprob6ZOs0IoM9pQSyxDcyukSYA5eg1V7vGsEZZkmqyOX%2FAT3j36y%2FWBBj4Gb4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12f920b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/img/comments/finance-survey-people/person-4.webp

172.67.169.116

200 OK

1.8 kB

URL GET HTTP/3
lougroan.com/img/comments/finance-survey-people/person-4.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.8 kB (1798 bytes)
Hash
5dc160f6b521dc8f6c670b140b354fed
22e15cda82b532067b99932ec28f86ea2cc1ecbc
09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 1798
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1941
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lhFh1V3OW9i0WqicKQC%2BWQ2Na4HLZVEGXE1Ad%2BRr8scitCzwN%2ByY%2BWR0JJ5Y9fu9pvWKFWYq6GOotY84bKUQ8MRIO3dZUOsiq8zLwi5RayD%2FyoSZhb48R5BW8Y5u%2FTA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15ca2cb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/img/comments/finance-survey-people/person-3.webp

172.67.169.116

200 OK

1.5 kB

URL GET HTTP/3
lougroan.com/img/comments/finance-survey-people/person-3.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.5 kB (1454 bytes)
Hash
a747d227c2e10b5178fd942484301d7a
b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be
9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 1454
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2474
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cj7TYFgyKr%2FhP5Q8hWZ%2FSmvcabfLX0epU1qfUuOVAJV8X%2BYz5eo1pc2zFj1QI982N8j6fa3oxX2u35Og3oGXrgf0C0jLDBICvn7Nhq1O3s7llfT6v1oCXgqwaxuDaaI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15ca32b4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/img/comments/finance-survey-people/person-1.webp

172.67.169.116

200 OK

1.4 kB

URL GET HTTP/3
lougroan.com/img/comments/finance-survey-people/person-1.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.4 kB (1402 bytes)
Hash
c5da2ea294623650bae71fc84401cf60
f1f62ea011cf81953cefe28254c134e992453b91
09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 1402
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q71unploqZfViviDPspcZh2Suh%2F8nRxspcpmMBu%2Bfeh1DaOKcOk7eFUEp5IaTsQDFZRgXzCFxxDEVJvKBXN0C8Axq9kj%2B6npYw4hJcM5PQfEG6%2FqRXW2d8ozumwOO3g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15ca34b4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/6223.36a8be3b6724c1ee.js

172.67.169.116

200 OK

1.6 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/6223.36a8be3b6724c1ee.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (3822), with no line terminators
Size
1.6 kB (1572 bytes)
Hash
c1f7e2120e9f45cf822bbe5e23ab5711
e5ab7ffa55c8122915c064b4e81387ff71ca018c
492f9bfb9b36328df2670323687dbb0d0ac9499199fe5bac3c7eb91dde9a34aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-eee"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tIQOnKJao5ua7%2FLoI%2FhSXDC9UtLexwPoOP4TyIea46txccIDeijLVnOIbLdWFrpnFXhhCMMmt50%2Bhi3r3WtQh5OqWxJf1O%2FkJghmSqywRk5e%2BqFSdO0fbhQp7RLQyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b14197ab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Content-Type: application/json
Content-Length: 368
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: aeb105bc1e4a73bca8871600dec36920
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

lougroan.com/_next/static/chunks/1754.983ed55293c299ce.js

172.67.169.116

200 OK

2.4 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/1754.983ed55293c299ce.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (12711), with no line terminators
Size
2.4 kB (2391 bytes)
Hash
aaadd1fe7166e1641b80d4a871e91a77
44dd71230caa2b99dbe1a804fb3e444fa2dd8255
918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1754.983ed55293c299ce.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-31a7"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TM%2BxHXobGh6VqMLLMI%2Bw2s%2BWuHWqLUrUu8MxWURyMA5L3QMEo8DsQhF7I6Ty5DuhyKs7dsRn%2BdQp%2BLGvGnhSsEaxNZbAfp0yfV0QQxwvNKlPnR5PnG1%2FWafm4t2vibY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15fa43b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Content-Type: application/json
Content-Length: 388
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 1d111fe9541f1be79ac1cd3bab31d1be
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

lougroan.com/favicon.ico

172.67.169.116

204 No Content

0 B

URL GET HTTP/3
lougroan.com/favicon.ico
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sun, 05 May 2024 02:38:41 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4971
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D8o8ZCirDAjqixNqVBEUdDJATWgeIUHh%2FfSzy3yTGPjfD3U9wdXevXgH0DyC7K3c4hhrMX3qxGpeDcx9tPB56k7rESH1hKp6I1VXFI4UftQJDy3d6LDjWtSzVo0HT8w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ed5b16eaa5b4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/812.72b1b2774f5e091e.js

172.67.169.116

200 OK

16 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/812.72b1b2774f5e091e.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (13123), with no line terminators
Size
16 kB (15817 bytes)
Hash
4746cb9c76676e766e71dc6aecb5136f
bb22c941272fd23ba014218396b7f9eed51e84de
faa62724f265c4355b761202cf48980bedbbfa4a8c8c044468e0024ddf1d0059

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/812.72b1b2774f5e091e.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-3343"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gUVKlLWrO1EtENufYTifXGmEp2r2vjCCYbe4Xvr1dKSL7cm7Z7P24mMSDZ8TquzkG8z%2FVnUHHwlQgUJO04%2FHgewuBRVxaiBYmSpr1Id8zMZptOirmN20%2BddKVubHFkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12c8f8b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js

172.67.169.116

200 OK

23 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (25995), with no line terminators
Size
23 kB (23107 bytes)
Hash
33a34c525e2bee14a166fe1289835308
4afb650772181930d19dca9a41490beea5087932
bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-658b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGMPrX%2BsXgP%2Bak5gpLuoqcwbkCfUNbJYAlvr2cfM6KLyVWwEGOFjp%2BgBHw9bhl1%2B%2FvpTnwych8qD8f7SrIAvPlLbXikIovLM1rz198HNQLwZmcEEZm8rV9arv5P60rI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12d905b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-do

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lougroan.com/
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:41 GMT
content-length: 0
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-do

139.45.197.248

200 OK

179 B

URL OPTIONS HTTP/2
arleavannya.com/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
179 B (179 bytes)
Hash
081142aa1c9267422ee7fd25ac457579
cf8a223610da412aab4cc9aec68f6f304258b3ce
58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Content-Type: application/json
Content-Length: 161
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 0936564a4f773ee6c5934126f1fe4bd9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c9dbe661-5341-408c-bed0-9a132c805e6e

37.48.68.71

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c9dbe661-5341-408c-bed0-9a132c805e6e
IP
37.48.68.71:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c9dbe661-5341-408c-bed0-9a132c805e6e HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1417
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 05 May 2024 02:38:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://lougroan.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

lougroan.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=882c9d45-56b5-4869-b551-7d906f700b63&action=prerequest

172.67.169.116

200 OK

0 B

URL POST HTTP/3
lougroan.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=882c9d45-56b5-4869-b551-7d906f700b63&action=prerequest
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6679105&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=882c9d45-56b5-4869-b551-7d906f700b63&action=prerequest HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-length: 0
x-trace-id: fae4df9a6c88f66113b96964916c6026
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tY4dvYF4VI%2F58hRsFvPb%2B1t9KfemdQj6ez2TS4uRpg7kLf%2BPKBH%2FWNzE%2FlbQ8%2BzJQhREYcouzyJi04DBU62QeunQ3WfDi%2B3ftmNaJS0uhKjVvXpX%2FwiK%2FU4iykh920w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b180b1cb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/custom

172.67.169.116

200 OK

545 B

URL POST HTTP/3
lougroan.com/custom
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JSON text data
Size
545 B (545 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 385
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 9b8f1ce46fa877c5815065f0ec64c885
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ya3AKjv9%2FcKwkSqtA%2F7sV4Bl1Y1rthlh2abHjhLyVwF%2F0HwNql1%2Bx%2BMdRIeMLZrRtyPJd4U0h3LP361ohNZXLbFZhebB2zcgjmBArxjh%2FXXzTmXYepD%2BGaEE94cqPGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b180b1bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lougroan.com/
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:42 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
7a2784aaec12ad40f405a0798bce9a13
8d00f2cec8c798a576059f114715f43aab107faf
80214705bdb7fb941ecbeb9229e7c10d534e0b713358eb141bbeb7dbcb5a88cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Content-Type: application/json
Content-Length: 1798
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lougroan.com/
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:42 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

lougroan.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7a1a3e77-49d1-423d-8517-0f11179f5f16&action=prerequest

172.67.169.116

200 OK

0 B

URL POST HTTP/3
lougroan.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7a1a3e77-49d1-423d-8517-0f11179f5f16&action=prerequest
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6679107&is_mobile=false&domain=lougroan.com&var=6222300&ymid=434_612528&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7a1a3e77-49d1-423d-8517-0f11179f5f16&action=prerequest HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-length: 0
x-trace-id: 113cf9904613d884e45281c98bafbe51
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8ah%2Bv0ksCiXoyygiw6JUNkcpjzXRoigXjkK7%2Bok0VEQz0xagP7doTeZ%2FMvH9P49zuSSvzbfieyfRj%2BO4An3jJaepvIapaW84FYVjkSrPYJp1AQOUBuI1lTnO4k0hlg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b193b91b4ee-OSL
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
e6c01273b2cea68455741fda536aa962
6d8017827ef69e39be50884a96677f26cfc5ab2a
d229b7d7a8181b4d73f2d15423dabe56dfc61b44b4d17e367204068a269c98ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Content-Type: application/json
Content-Length: 1888
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

lougroan.com/sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679105

172.67.169.116

200 OK

7.9 kB

URL GET HTTP/3
lougroan.com/sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679105
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
ASCII text
Size
7.9 kB (7941 bytes)
Hash
3720f9cee1df8fca36fe99491eab215b
1705d72778aac160278f15d86a8d1aa2bac785bf
08c09c04a09d4a2fe27fc50189a08f18cfe108a3b966d4a36c77819275c0d81d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679105 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vhJy4BuBz13DctHn%2F%2FvhzX45qYvLENagoFo3v2lF5zQsyZJJEtj3huEPv6xPuLHqunthpflbkkospNJkPjAkIihecfMsRmcUeOBpanwfoBWDrWVq0tzqn%2F3I6gHnOzI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b180b19b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/track?dry=false&request_var=434_612528&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&var=6222300&var_3=&var_4=&variable2=6636f1305980a00001d36742&ymid=434_612528&z=6222300&offer_id=7636

172.67.169.116

200 OK

6.3 kB

URL GET HTTP/3
lougroan.com/track?dry=false&request_var=434_612528&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&var=6222300&var_3=&var_4=&variable2=6636f1305980a00001d36742&ymid=434_612528&z=6222300&offer_id=7636
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JSON text data
Size
6.3 kB (6326 bytes)
Hash
c041e6c40775f55e219e662eaa71a71d
e1b527a180dccc7f695b8f449c4f717037974c47
b4a89d9e206bf6b2be180303ee1cbe71cf0a008e960cca59dcb8654e7f371aac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?dry=false&request_var=434_612528&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&var=6222300&var_3=&var_4=&variable2=6636f1305980a00001d36742&ymid=434_612528&z=6222300&offer_id=7636 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
DNT: 1
Connection: keep-alive
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: aeb99fe212789d024de353f0ce25fa64
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lougroan.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6UjSM8HfltUNiB4mymEH4%2BCQEfoaxpoBEpAkqM0w87RGj2vnr%2B5O7Ve3CsTBZjpF3oZGXNC8KTGlBOoZrrWwsoPas89mtlqVuKPQCV5Fp8QBlCGE1duHIoEInUpYBk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b173abcb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/86.1605512c42332a2f.js

172.67.169.116

200 OK

2.8 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/86.1605512c42332a2f.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2908), with no line terminators
Size
2.8 kB (2846 bytes)
Hash
f7cb4f746f2cabc625d1ab452426c2e5
32f7f8a18c1d477a41291637019374bd4d722df9
6e3c489f8505040ae3a765d615dd63b8e385d2baeecd0ba58a2da9bf079b1a9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/86.1605512c42332a2f.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b1e"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JRH01chyEm8oaVR0m9HHsLJxcNiIlN9u302Xj9u9q%2BR6rmQSk6fxhQOqQtGrkcQYoI1dBRkMp9wLnZjZxKwyJRq8D2dGBAWalsOIq77Zg%2B1QCsnJkltobMRQ%2F6nk4v8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b141976b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/6037.086d113a52bb6dae.js

172.67.169.116

200 OK

1.2 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/6037.086d113a52bb6dae.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (1240), with no line terminators
Size
1.2 kB (1216 bytes)
Hash
4c5f50c10ca520ba5c17c96557452e7a
a772f8756a93e5f2fb01e88f5f3856b5523ab97e
7cdd71c93dd078d4ba57cc70f3a6ac739ce902054d5cfba3b1a810d3d3e709bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6037.086d113a52bb6dae.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4c0"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DciT7P23hA5HmMmXld9lpkux4W3L%2F%2FXWt9StxX9L0ljOXH4QPyUs%2B1fUrEq8ciqIsuLsncgHne1ejbs%2FkS5dUahBq0D4uujvFYq%2BqIX5uJfycSxoKiQGf3o%2FhjYBCAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b14197cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/3183.fd81600fd1ec408a.js

172.67.169.116

200 OK

20 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/3183.fd81600fd1ec408a.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (19691), with no line terminators
Size
20 kB (19691 bytes)
Hash
7d35150b72e355e4ea7f1b364b4574fd
93a57b00bfe34fc0b09a4f2fefc438b699855144
17fef67045896f5900aea086d8c13b5a07409942fbac3180c6a8bfe66e86fea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3183.fd81600fd1ec408a.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4ceb"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ruNIRtn%2FzvvP%2FGooNy0xnR7xH%2FCr%2BMz%2FMfxZV%2F9LNPeXcqIy0T26IPZaDhA6EzUThgQ%2BlUIdLdT3xs8acDHLenKKGNXclw%2B6jkn%2FCoxpBCbevGL%2B5IyvoyesewW%2B2iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12c8fdb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/rotate?zz=4292525%3B5128285%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=6222300&ymid=434_612528&ab2r=&var_3=&var_4=&os_version=&uid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd

172.67.169.116

200 OK

5.0 kB

URL GET HTTP/3
lougroan.com/rotate?zz=4292525%3B5128285%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=6222300&ymid=434_612528&ab2r=&var_3=&var_4=&os_version=&uid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (5043), with no line terminators
Size
5.0 kB (4999 bytes)
Hash
ed5028b59d9ccec83f181ea797a3b9b2
a92d03953573c7f73be5af6ea96bdb140658eb0d
26d9aa5fb2053befb7ec3e499de90192a33b45209e6b7584361099830954403b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=4292525%3B5128285%3B4326652%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=6222300&ymid=434_612528&ab2r=&var_3=&var_4=&os_version=&uid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
DNT: 1
Connection: keep-alive
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: a4b39c94c2e74ecc06276c5abbf9f17a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
access-control-allow-origin: https://lougroan.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; expires=Mon, 05 May 2025 02:38:42 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uC3IHYO2lp10vUyfRlUYM2Lv1sm3vkaJwQIxaQ5eOoLmP8QgOEnJoGPzwJrWYKoqt3%2BzAi6veUNbeVNEynTFY3b2zlF2BFXsByBBKZn6hvyVvfcupkEqyNcHAXhr%2B6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b173abdb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/810.3c8446ab4166aeac.js

172.67.169.116

200 OK

3.0 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/810.3c8446ab4166aeac.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (3075), with no line terminators
Size
3.0 kB (2997 bytes)
Hash
89aad15398a24ec92ac08d6463d4908a
2d0cb315034a49a9911b5e2944032eebd24dd191
4ca508ccfb1bf3aecb96b235882533a777359352dad1ddf4f13e6986bc548870

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/810.3c8446ab4166aeac.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-bb5"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zcw%2Ff6okZBF%2FwJUzq65uBWYkyRWUHR1l%2BefnNwUVimtKF8ptKQJMvI%2FY7mdlMrPnTGZV7%2F3N1AWF33ta60BNPAPlv3T1vwa%2FGpdpfqCk9peOuU9HMxbG8u0xkj2PhsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b141978b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000

172.67.169.116

200 OK

37 kB

URL GET HTTP/3
lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679105&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KigXNV9cPvfDw6iwjglT9BDl%2F456zlx%2BBO7KwghMELLDBleDSLXEXS74DQF%2FmQy6b1eLqGXc5BOBPKmv0LsRn5tcjojajaOgzjNrSfC%2BBd7vOcPDYaqpkfRZwMD%2FX1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b173abeb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/7903-dd238946c7924507.js

172.67.169.116

200 OK

32 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/7903-dd238946c7924507.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Size
32 kB (31896 bytes)
Hash
b5dd343db67bd22544d11da18268f5c3
069b5b221dd75af58d93192460778b3d07835e74
6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-7c98"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihSXG%2BAWDKmL%2BAiYudVCGla%2FISx57GABYTs3euO4DI8PlVrIJl%2BmtY97SLXg6UcTKfFDQTSKk%2BTTl8ZI0WN6vAZuyS0VV%2BucWrzXOxz%2FNOZcawxD%2BFWrYD0CwJxaVjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12d90cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/2734.6269ca0cf725ea17.js

172.67.169.116

200 OK

4.1 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/2734.6269ca0cf725ea17.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (4219), with no line terminators
Size
4.1 kB (4147 bytes)
Hash
98132c6c771aec065d3ab61e5c8c0f53
56484dafed6218ea17ef047fc8cd4c5a342c1890
ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1033"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTOdGGHLY2NJTvmiLDRkqwezwNzn1IBL8oBWQOVDmrS3Or%2FU2Tcyd2r4G%2BQKu%2BGBjcnDTCOjR%2Fb9PBoGa%2BP5%2Fk49d1X4AfSXFX5l45G1QJD34bz3H4Dk2J2rILCYPJs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b140974b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/9270.11c63feb0694543d.js

172.67.169.116

200 OK

11 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/9270.11c63feb0694543d.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (10691), with no line terminators
Size
11 kB (10691 bytes)
Hash
01ead0d6c1755cb5c26d0f26bf52678a
046ec4186ad3a9df0240837f0ac8275adf65eb24
9b97e6068e9c4989bed1565a5658e84cab168e46c05464c9bf1cf9bfa99b91bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9270.11c63feb0694543d.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-29c3"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpl16iYkEKx7kxSxtvKdub03QqRmChHpBqoCQv%2FfM5QBqZD5e1jT5sZ9GeiKr%2BYaE6cprjwwNLpmREQAECdCnyJh8ma5HDf6FDBebT08E%2BAHbYEUjVx0%2BoLYEOE2TGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b1489b4b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=810814261229786272&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000

172.67.169.116

200 OK

37 kB

URL GET HTTP/3
lougroan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=810814261229786272&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=6222300&ymid=434_612528&b=&campaignid=&click_id=810814261229786272&ab2r=&rhd=1&var_3=&oaid=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd&os_version=&btz=UTC&bto=0&z=6679107&cdn=1&domain=lougroan.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3duh9lM5qlbK56yRwpN7CmB86tFMAdPT%2BZdZomTtbzhb079SJyIVSbO8W0edpcSjJFBWmczkSQrMtFzIqMOJekyejF5GtfgtoNo%2FuolDyCrfud7frCQy9n2HSv1ar8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b185b3eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adbluemirror1.click/o/612528/53328360?s1=

172.67.175.217

200 OK

680 B

URL User Request GET HTTP/2
adbluemirror1.click/o/612528/53328360?s1=
IP
172.67.175.217:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectadbluemirror1.click
FingerprintDE:3D:16:EE:D7:28:C4:7A:70:FA:3A:FA:B5:51:82:BE:BC:65:01:8C
ValiditySun, 21 Apr 2024 03:51:39 GMT - Sat, 20 Jul 2024 03:51:38 GMT

File type
JavaScript source, ASCII text, with very long lines (701), with no line terminators
Size
680 B (680 bytes)
Hash
1299be192f1ce64ceee04a9ecece330e
63b5e70704da1b60638074e98ba02375cc315ac6
426ff4ac036b91165b4b180f400fea390ded1e9a8cf1c6511831eabbfa3fc06f

HTTP Headers

GET /o/612528/53328360?s1= HTTP/1.1
Host: adbluemirror1.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 02:38:40 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.11
set-cookie: dynamo_v_id=Vdb2e216e39f7b; expires=Mon, 06-May-2024 02:38:39 GMT; Max-Age=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jj7LnnzRQVSIOi39ax636bSX2QXeQYUXAclXgGInuIwC%2B7Rch5lnfkLd0S%2FRkGBinkFBN4oarPUQC%2FeXFDWI5w7sIjHvI%2Fbn1kJVcAz0KLLkQIA6sjFlDR2Trr7zyLGcZJ1RJmGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b096f2456cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lougroan.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js

172.67.169.116

200 OK

67 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (67401 bytes)
Hash
8288efc1729193ab69e39ae227fb924b
b6cda864edfa8126c902b5de80229790a6f9be15
070ce71e2510a99695b81a839821823ddf3b49213f166212641fcf98adfef3f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/802-3e1f59b7c0fe3ef9.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-10749"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foES3rMAHWobKBtqVfauB73785zMa5nlJIQqOwpk56dW4XvbpYugJUvNVWwJCaYSt7Ytk2HU8zOYALKSBdgjWY9KzW5nc5LKV%2FIPoGT982qq9%2BSHYSJgvFVhwAWWam0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12e917b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/img/rain/dollars-2.webp

172.67.169.116

200 OK

8.1 kB

URL GET HTTP/3
lougroan.com/img/rain/dollars-2.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.1 kB (8140 bytes)
Hash
8b4203d496c3f52b116af082a0cd4017
de5369e9459e240950bb7eb5261eaac1db26907f
8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-2.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 8140
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2B%2B0AblVMvlf0FUzQd3rT9tkH8eYeVxjw65okwtYY9%2BmR2H4PiL7%2Fkh4UIcz8lrwga5mf7piXchr9VGivrhZfiDl9BCsmK1lZQvmNNonYayjo%2FhsA%2Bp6nOFrFwI%2F1bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b13a95bb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742

172.67.169.116

200 OK

39 kB

URL User Request GET HTTP/2
lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type

Size
39 kB (39131 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 02:38:40 GMT
content-type: text/html
last-modified: Tue, 30 Apr 2024 14:43:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rby%2BPdCihLhhNqFDHncTQRjlvOBIaVcJ%2FKhSjGclTN4Cf1n7noXncyhrToyRxs%2Btec6sANspz7ljuRbcJ2g5L7bjACgy27lDGxf52NepEqTQ4OF3JTO7XHFseq6Bxvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b111ca156a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lougroan.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js

172.67.169.116

200 OK

42 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (41515), with no line terminators
Size
42 kB (41515 bytes)
Hash
92ee35a274faa2df0c68f0def06a750e
8131ecf1752dbf3591bf213855896b2618f48734
47929dce053ec819a11270e42aaff07b95e02ee29513b8f5b73cf75f6cdeddd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-7ac21b6c354dd447.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a22b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLz%2BbJyc2qkS9Q21HJM2JIbtF7I25w4eeguNDFPnrX0xaWK5TYSc9AJrSa3Zck41%2Fi8IGtxK0OdDeyfqXaKDcATSHVpSBF0fIN8gNSpAIDvGi8gWYkh7BqEtb5NmyGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12d90bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/img/rain/dollars-1.webp

172.67.169.116

200 OK

10 kB

URL GET HTTP/3
lougroan.com/img/rain/dollars-1.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
10 kB (10546 bytes)
Hash
a5bef813a0113d018592091106451c8b
59365e96c4abca5eb98a0c56db0af0bb5cbffebb
036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-1.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 10546
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3FnbAL40Wzu6aecTmUey7JFEUOSR8Ts%2BfVmYBkOzW0u3GKul5EIUa9b2o%2BxXfEleYdUD9p1TkuvhesDJTaEmBhNEq9lG51OZL81uB%2B0OPlAb43Jl%2BkfFfuoQ7OVqt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b13a959b4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679107

172.67.169.116

200 OK

1.5 kB

URL GET HTTP/3
lougroan.com/sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679107
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
ASCII text, with very long lines (1540), with no line terminators
Size
1.5 kB (1458 bytes)
Hash
5edd43e1c6126829925eb36cdbaf7af3
e1baae48011f9077aa37e6ab31d4604d41aec303
38945b2621b28329b93e77cc757db7e8def95dd4f4ba1c13862018da2df83411

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=6222300&ymid=434_612528&ab2_ttl=5184000&zoneId=6679107 HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Cookie: OAID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; syncedCookie=true; oaidts=1714876721
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:42 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uotuozvyLx%2BD1MAPSqj7ca1uT%2Bqq%2BpWwN6v%2FwcA1CA2HwZFXOpRB%2FTg4%2FHYN10Ct7DDXrwnyzSFf%2BOAXO5PkIRBEmgOk3G93kyAy7kdWqRWpYHX4ahWno1nRTjQBbNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b192b8bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
8f52063ddcc93f2ff6b1ad350e5766a6
3487f20340344ce62c191d1e8443ed78ecdfc8a3
761e89678a1977e84a87c0de1f2641c8a0fa9dd7d22944f101c683c5cadc2e83

HTTP Headers

GET /gid.js?userId=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lougroan.com/
Origin: https://lougroan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://lougroan.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=kkzpghlwfqw1b3cp69rfpa1rvzuzdlxd; expires=Mon, 05 May 2025 02:38:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

lougroan.com/img/comments/finance-survey-people/person-2.webp

172.67.169.116

200 OK

2.2 kB

URL GET HTTP/3
lougroan.com/img/comments/finance-survey-people/person-2.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.2 kB (2220 bytes)
Hash
8f8ffbb278de1342e5cf44cd0c677c23
1b4b4428e409479cc8a8acfce6f537c2aeea7556
ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 2220
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2269
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D8W8rqmgxXJPuQyCpJz07naXtItkh676mPRW7n9uWIhFsKD3Rx18DwSXJENVRrKTez4CqGl2KpIA%2BPvtbXLUUGAJnbNx6pd9MmyWBTj9MrwAyVRCezk6ohMP1gZ%2BZBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b157a08b4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/finance-survey/icon-survey.svg

172.67.169.116

200 OK

2.7 kB

URL GET HTTP/3
lougroan.com/finance-survey/icon-survey.svg
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2674 bytes)
Hash
a000ba4d0e7570d810feafb22bc50bef
af8fce44a683d3dfebe69cbe856e747739c9a666
9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /finance-survey/icon-survey.svg HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/svg+xml
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6sA7Xptg6Khy70M4VhioAwHZXPDY8qyxEXDrb73YBi2aaEBU0VWHWqv1utiHs57gGPRLMgg0AQr%2F9fW5dwt7I4x%2BiVSEj9e8LqZMrOLlPQNU9fAmtmoo28KyzXdnAeo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15ca2eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js

172.67.169.116

200 OK

661 B

URL GET HTTP/3
lougroan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (665), with no line terminators
Size
661 B (661 bytes)
Hash
f8e52c06430c8d613af8c236a1972a4a
8ac071e6c0908ee068e453ae47a6598d733d9a1a
7f75dbe159ba344bd4495842a3c902c147703b5f4835885f3a9e13f879cdcddc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-295"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hCVPGlcvIzXhFmGnPXRQO5Qmf9WDhabZgLEDQykrKcl1QXo%2BihqVMvvkBkL0qI8zXzTGM8AHr95%2BEPywv%2FE2JWWBOsyylw3e50RVeSsnAZsRwzSVWJJbkNHYKTkMefw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12e919b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/img/rain/dollars-3.webp

172.67.169.116

200 OK

5.9 kB

URL GET HTTP/3
lougroan.com/img/rain/dollars-3.webp
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
5.9 kB (5938 bytes)
Hash
51ea76ff382bff8ef58a9943f7fd21d1
5c3d6ad6620fbde5ce3dddc88604e6d54621eba2
0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-3.webp HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: image/webp
content-length: 5938
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tka%2BASZzHUOMdt1Ve7f7c3rbdcVAMVyvv5p%2FxFRZ9eWyMezwOXD4h4yQa8D2JBz%2Bei9r0may4InRDjRvtR6dYINUChmOaTq%2FDRFCeNx23yQB%2FqwFwPZaXYTnn8kDe3E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b13b95cb4ee-OSL
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/2375.8acee6c083146147.js

172.67.169.116

200 OK

5.4 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/2375.8acee6c083146147.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (5515), with no line terminators
Size
5.4 kB (5363 bytes)
Hash
75b7e9e3afe783ac48f3b0a596533794
cf62f608185c63ae8d4e7e8ba5e4d5d5ccd46a06
fd0ae086ce1abbdf6fcd73054df46f851e593e09723c1d4042be84165c757a3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2375.8acee6c083146147.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-14f3"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4LSvD2tKuY%2BMsTnSyweOTPakM8sgkLOn%2FIQrj260E2VlNhbhYUlCyPx%2BnwD3I0RvqeUFtTeYWXFD3pN%2FXF7FtioNT1cPg8foTiLwxo79W6dPyzRxIPRelArWOYFHssQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b15ea42b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/5927.37a5338b8ac59a08.js

172.67.169.116

200 OK

19 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/5927.37a5338b8ac59a08.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (18708), with no line terminators
Size
19 kB (18708 bytes)
Hash
a385421104bc74c949dc4c6191ef7df9
30827209462e4ce7b901e71b238109574cc117ba
441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5927.37a5338b8ac59a08.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4914"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bWNbqSG0o421DQ7KiV%2FW9Fe%2FOfSwb1jNMkSGppmLPzO0mBSElB3Ct5xTB0LaLLsW4AmHhWswSm6BHXn7EuhEatXaOW%2BWRR2GYw66ndDGxKv0WKQnkAisRMcC%2Fz4%2BRFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b14197eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

104.21.36.146

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
104.21.36.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB
ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT

File type
JavaScript source, ASCII text, with very long lines (18452)
Size
19 kB (19102 bytes)
Hash
bec2755dff94190fec0365b0db53807b
f98c36e7e9e06325d03fe39c3b98879062fc2704
ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 996
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YANZc6kE5tbFFP3MWdpqhbpYQPWpPlOLe1tESejFYe2RS9bjmS1K%2BbaCYbIXePYtPly53B6QtAw1P%2B7jl9WhdAt09cWOxU2aDZQFUjZ8vYDwnU7TdBv09tGNTeSBlD1N9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ed5b14b9b00b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js

172.67.169.116

200 OK

1.6 kB

URL GET HTTP/3
lougroan.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
ASCII text, with very long lines (1696), with no line terminators
Size
1.6 kB (1604 bytes)
Hash
543651efa338e66f345fe8c6095592e0
6108342c3f5cdd637443746d0c07a5b7a528aa36
8d80f5e899864f3590935e867f8814fe3bb8eb6b87ab6d84c3e1d609d971583c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-644"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPBHhur8LHBiYBW402pl6pXl5v0SPAqMNBgcKod2nLI2xyikCv5wGnhjrKUaSvL%2FOQ8JFYW1g%2FwGwH4Q2VVIf5EJeYTxFy5cncskmpJxqeAkqRp0cMbuCr6j%2Bkd%2BTzM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b12f91fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js

172.67.169.116

200 OK

925 B

URL GET HTTP/3
lougroan.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (939), with no line terminators
Size
925 B (925 bytes)
Hash
e370c58940efd9305daf2c9601a7da0d
ac6f3895617e4817d7bf86b7c637a231b13a12b7
acba948084ac297d876a066617c1a4c6d9f5a664d43514af605a4c6d1fe37315

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-39d"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xm4%2BIa0601zGuaJ%2Bl6EbbjQXBW0yZ3%2B23pdDxq9mEPfu6XUJDWa%2Bpu%2ByUW2x%2BgmzxsoIWBfN0Zj%2B6gw2ZI%2FIFLDmxG3nWisr11hfhafp8iIeji1EunaMXGlNO0DHyEE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b141979b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lougroan.com/_next/static/chunks/3091.8141ef861c4fae96.js

172.67.169.116

200 OK

2.4 kB

URL GET HTTP/3
lougroan.com/_next/static/chunks/3091.8141ef861c4fae96.js
IP
172.67.169.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Certificate
IssuerGoogle Trust Services LLC
Subjectlougroan.com
Fingerprint0D:3D:32:EE:D4:AA:33:AA:A9:B1:38:D5:A1:C9:99:A1:11:92:BC:8E
ValidityMon, 22 Apr 2024 11:30:49 GMT - Sun, 21 Jul 2024 11:30:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2431), with no line terminators
Size
2.4 kB (2385 bytes)
Hash
aff0a51ad60c666bf1f7f27ddff14217
9677799390dc5667eeda431957d59b25d6a40946
f495db20d41fe12519423d9776481cd5c3f1dabc346ea304b8a7201b032d4e87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: lougroan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lougroan.com/finance-survey.html?z=6222300&offer_id=7636&var=434_612528&ymid=6636f1305980a00001d36742
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 02:38:41 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-951"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z30%2FjgIdrI%2FHlpK%2ByrAP3AbrP2w2a8Z9R83c2x1dlYDKrEhN8rx86tzwcH1gkMamwmu%2B46V9rhDK0%2FtVHsiAfMKrAKG1NnJmFMdrE4CQHgmzonSIG0DEOBXFAOhd7gs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ed5b14197bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML