Report - ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881

Report Overview

Submitted URL
ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
IP
104.21.90.194
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 22:49:27
Access
public
Website Title
Participate in Our Exclusive Online Survey: Share Your Insight
Final URL
ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ofsnivyan.com	unknown	2023-09-26	2023-09-29	2024-04-18	14 kB	279 kB	104.21.90.194
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-05-03	514 B	589 B	139.45.197.248
datatechonert.com	46154	2021-12-24	2021-12-24	2024-05-06	570 B	481 B	139.45.195.253
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-07	491 B	642 B	139.45.197.250
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	460 B	742 B	139.45.195.8
cdntechone.com	64371	2021-12-24	2021-12-24	2024-05-03	399 B	20 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	arleavannya.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed
2024-05-07	medium	ofsnivyan.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js	26 kB	2024-04-25	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-19 22:46:25 Times Seen879 Hash 33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555 Loading...

	ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js	109 kB	2024-02-12	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-12 18:57:12 Last Seen2024-05-19 17:37:04 Times Seen263 Hash 44ec1451f689d71d5f33a10d4aa44658 0f7e72050b7bf72366d9463a16038ae94e232f46 1708144463d376da261c16eab17b1d2fe5c49351847f43a46c6ae4b347fd9304 Loading...

	ofsnivyan.com/_next/static/chunks/pages/_app-77a6ab7dd178be7d.js	42 kB	2024-05-07	2024-05-08
Pretty URL ofsnivyan.com/_next/static/chunks/pages/_app-77a6ab7dd178be7d.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:36:56 Last Seen2024-05-08 15:17:42 Times Seen50 Hash 85eaf529660a53796f74da36540dd45c cf19d281001d7e20efff136f3f5036ed7688622b 4188ed1531d40419b2a26cd0e1ab62f5e02256b0db82d08fae96cf75c5b160fa Loading...

	ofsnivyan.com/_next/static/chunks/810.a0608c12f2123e1d.js	3.0 kB	2024-05-07	2024-05-14
Pretty URL ofsnivyan.com/_next/static/chunks/810.a0608c12f2123e1d.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:36:56 Last Seen2024-05-14 11:58:22 Times Seen166 Hash 21123338572e9bc9ecef1ae7f2a671a0 6bfd1a5a3a454c704c10a07f8d72ce96ba6d0cad e869ca9a1dd932f4220641f06ed73b7ff85e06587cf86e014a23b972388b4a12 Loading...

	cdntechone.com/stattag.js	19 kB	2024-02-07	2024-05-19
Pretty URL cdntechone.com/stattag.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 19:13:47 Last Seen2024-05-19 22:46:25 Times Seen1308 Hash bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a Loading...

	ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=811843544011776881&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000	37 kB	2024-04-25	2024-05-15
Pretty URL ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=811843544011776881&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000 IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js	32 kB	2024-03-21	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 14:18:29 Last Seen2024-05-19 22:46:25 Times Seen995 Hash b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5 Loading...

	ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js	11 kB	2024-04-25	2024-05-15
Pretty URL ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:30 Last Seen2024-05-15 16:30:11 Times Seen724 Hash 37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37 Loading...

	ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_ssgManifest.js	182 B	2024-04-18	2024-05-13
Pretty URL ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_ssgManifest.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:58:16 Last Seen2024-05-13 15:57:50 Times Seen453 Hash d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517 Loading...

	ofsnivyan.com/_next/static/chunks/5057.7ec3a668fa27cd9c.js	3.3 kB	2024-05-08	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/5057.7ec3a668fa27cd9c.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:49:28 Last Seen2024-05-19 17:37:04 Times Seen25 Hash 62cc5f4477926fbc35a59f52062beda3 bb1a9878bdf7cb712febe660a71b9f14bbaa6506 078f52a425dbda5b56c9994c6d6735a0d03ef6335cff7fc616ed87865d40eefd Loading...

	ofsnivyan.com/_next/static/chunks/4016.b34d808c2d259f64.js	18 kB	2024-05-08	2024-05-08
Pretty URL ofsnivyan.com/_next/static/chunks/4016.b34d808c2d259f64.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:49:28 Last Seen2024-05-08 00:49:31 Times Seen4 Hash 1baade0da929e938464e0e06118d08f3 d51b06824e049811b73ce75601695874fb2c2935 93eb1e96f4a042209b295a35043c731a9ac3fde02aebce6fe3db8065ff1cd8a1 Loading...

	ofsnivyan.com/_next/static/chunks/802-957a719378528c6a.js	69 kB	2024-05-07	2024-05-08
Pretty URL ofsnivyan.com/_next/static/chunks/802-957a719378528c6a.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 20:11:08 Last Seen2024-05-08 10:54:27 Times Seen40 Hash 67ff0c30478f2fde5f99f9fed6b54d62 9a33b56729184164417c46bcd36c299e05a0fe95 1a896453de2a387b23019831c5bdb91687c69f7d16a163fc33300f685c4f162a Loading...

	ofsnivyan.com/_next/static/chunks/585.334272b77caf2262.js	3.9 kB	2024-05-02	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/585.334272b77caf2262.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 17:44:49 Last Seen2024-05-19 17:37:04 Times Seen14 Hash d49aaa8f3307ca64c375ab668dd8ef33 7375c938301020a383f7186901f07a879527e36d 185d200cb9b148451a7cbe5cd51b2a204d11f44abf0754296bebce22c09e9908 Loading...

	ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js	2.4 kB	2024-04-24	2024-05-15
Pretty URL ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:14 Last Seen2024-05-15 10:39:48 Times Seen416 Hash 8de4ecfc18371e9af83a020ad48a4839 f4cfd9509facd189f8e3487426a36cecfc77c090 954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64 Loading...

	ofsnivyan.com/_next/static/chunks/webpack-16c59117a5e33762.js	6.3 kB	2024-05-07	2024-05-08
Pretty URL ofsnivyan.com/_next/static/chunks/webpack-16c59117a5e33762.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:36:56 Last Seen2024-05-08 10:54:26 Times Seen31 Hash 4eb5df9e5d78c502c696eabc05766bc7 86884bc4b7a4039a94cef44266d5edb44607a1a8 db1e7bb1cfa50a05bea1fa08b276aa5eb2df3405b20dd6d28b4ebe7d6aff0aea Loading...

	ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js	661 B	2024-04-30	2024-05-08
Pretty URL ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:34:30 Last Seen2024-05-08 10:54:27 Times Seen183 Hash 277a97cfa8751f2eac57de60434b437b 9834fe466692865ccbe9a6aed4b57b0a0947aba3 f157395e1d5a2d7f75b801b761e419e990275ffefe3f7a768fbb51ea52d24ef7 Loading...

	ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_buildManifest.js	1.6 kB	2024-05-07	2024-05-08
Pretty URL ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_buildManifest.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 20:11:08 Last Seen2024-05-08 10:54:27 Times Seen23 Hash b7905adbada1b876aeaa5c92faead5db c8f7aa11ea21150f55ceff3f4f15324980542286 d09188210aa12c50cdc15bfb3e074e84ed44f232754ea12610e48db1dadb21ae Loading...

	ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js	4.1 kB	2024-04-24	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:54:43 Last Seen2024-05-19 22:46:25 Times Seen527 Hash 48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5 Loading...

	ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js	1.3 kB	2024-02-28	2024-05-19
Pretty URL ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 05:15:28 Last Seen2024-05-19 22:46:25 Times Seen229 Hash 48bc38caebc09f278d740e9a8302bf56 b687105616511f0eb1f493a5ff7cb35e6b445b5e d558e0466151e37fdefda1944ca4860ea0f63fc583e36ed00e2516d52774caa3 Loading...

HTTP Transactions (31)

URL IP Response Size

ofsnivyan.com/_next/static/css/0bc0cde260d08b97.css

104.21.90.194

200 OK

1.2 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/css/0bc0cde260d08b97.css
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with very long lines (1843), with no line terminators
Size
1.2 kB (1218 bytes)
Hash
64b2b4fa42c7d558d735e2cd28ecf88a
03d6da6e55b1201b51689590520da495a9233d67
2fdb3ce9ccba8355040e5ba3dfb2283194acba81858943b5d88f70030dbb71ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-733"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcVvyk619q%2BtRj31WlyXwkeYKX0uts5nEnlS5o1HIkmtAC3u4Ls0RvdYXKBS4XM90ESZe5yQRx7beY%2FLaxXQkoEqwfCL6JH4MuNb71RtqXoFihb%2FmeBdThX2v16HN%2FcR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd285e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js

104.21.90.194

200 OK

33 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (32864 bytes)
Hash
44ec1451f689d71d5f33a10d4aa44658
0f7e72050b7bf72366d9463a16038ae94e232f46
1708144463d376da261c16eab17b1d2fe5c49351847f43a46c6ae4b347fd9304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-1a957"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsExug1vU2mo7FQqhwCzIHFE3VJX3EnwEJMCHgGO7nGyT%2FzOpOSxXVsNi9WawKeMgIVf0MQmsygBEG9tRxr3cRKq5HJXey5P1y4FLeIGdkZSn8XeCzzxf6DOrg7xcVZi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd3869712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/pages/_app-77a6ab7dd178be7d.js

104.21.90.194

200 OK

12 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/pages/_app-77a6ab7dd178be7d.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (41624), with no line terminators
Size
12 kB (12491 bytes)
Hash
85eaf529660a53796f74da36540dd45c
cf19d281001d7e20efff136f3f5036ed7688622b
4188ed1531d40419b2a26cd0e1ab62f5e02256b0db82d08fae96cf75c5b160fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-77a6ab7dd178be7d.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-a298"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tp%2Bw5nGMMS8cAMqer3MksRcbFz4PTVfX8mqV3DIPtyqzNmwTA4QBkQJqqa6zbcFC87lv%2BAHmLlW8MoOmAUjG2%2BUs9Qs8782rKmtJsgLW0bSFQuAOLFsEQCv6o7ERN4q7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd386a712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js

104.21.90.194

200 OK

721 B

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (1298), with no line terminators
Size
721 B (721 bytes)
Hash
48bc38caebc09f278d740e9a8302bf56
b687105616511f0eb1f493a5ff7cb35e6b445b5e
d558e0466151e37fdefda1944ca4860ea0f63fc583e36ed00e2516d52774caa3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5356.cd117ab77e87aa94.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:09 GMT
vary: Accept-Encoding
etag: W/"663a529d-512"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5989
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USCdiJpk1CuR1qylZPLHv1YgXRxFLkoHkb3G7m9k4V0L0KIxVmNXQnMWA%2BnfKVGlwkUSa7uVbEqD4J3%2F6OjMeyiqm1gvjCj9AemKLqzLpvcXzyYnt5l0%2BeSnEGS4sNEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce290a712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ofsnivyan.com/
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:49:02 GMT
content-length: 0
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/5057.7ec3a668fa27cd9c.js

104.21.90.194

200 OK

1.4 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/5057.7ec3a668fa27cd9c.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
gzip compressed data, from Unix
Size
1.4 kB (1430 bytes)
Hash
94b04f1440822659a7cdf483954c75da
d04905a9a61dfba4c1805cb73c9a05f380dc1922
f08c503e5c565014462c6fc3133d4e93a395fa1f610e63a4608472cff84faa26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5057.7ec3a668fa27cd9c.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:09 GMT
vary: Accept-Encoding
etag: W/"663a529d-d0c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vzcrEJGUNjfgJs755B6V7xL9ldcSBW932YKTP83xivNGEy0LLplIwTcDYQI%2BfNxxxHcMXP%2BZsix%2BMhE4w%2F8vDOu4alkK43yDjpEGFY7YadJz8jHfVCwIbZk%2FafSh0IU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce1903712f-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/favicon.ico

104.21.90.194

204 No Content

0 B

URL GET HTTP/3
ofsnivyan.com/favicon.ico
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 07 May 2024 22:49:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8oqzSAlmOkkGmreICI5bM5uNuy7N4D0yxc9rRvKG5HK5RflE6uhMisFFrSsBtO6CzhtY2DlIHxEKH5TSupXg4CaFuMyUPZefclQurUN%2BQhNL5A9HU3c7rk4O6AMNaK5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804c2cf9a32712f-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/track?dry=false&request_var=811843544011776881&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=811843544011776881&z=5369052

104.21.90.194

200 OK

589 B

URL GET HTTP/3
ofsnivyan.com/track?dry=false&request_var=811843544011776881&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=811843544011776881&z=5369052
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JSON text data
Size
589 B (589 bytes)
Hash
518fbbd5a95951cd6212498955368d69
f6b781a48dee7d09f5b29745c4ced1397642bbe1
f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?dry=false&request_var=811843544011776881&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=811843544011776881&z=5369052 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
DNT: 1
Connection: keep-alive
Cookie: OAID=5wqydktbnjxuhn2lhvpo4m69nt37bye; syncedCookie=true; oaidts=1715122142
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 4b2ec2171329db65df2e60c29f52a0cb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tVeLMY1JcoT%2FJlvh00BbOltTm9s5s5BKgdWr0aaQHUFIOhNjJ7m8gQOAyZjdNfDOk%2BeBFX5pWxlrw83oVhniOrtXSdTQRdbarIWPLE6%2Fy58zAyZ4fMd1j5eE74AlQ9ci"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cfca46712f-OSL
alt-svc: h3=":443"; ma=86400

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4a6ad5a1-3120-47fe-ad5b-9e2ad60ddbb5

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4a6ad5a1-3120-47fe-ad5b-9e2ad60ddbb5
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4a6ad5a1-3120-47fe-ad5b-9e2ad60ddbb5 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1388
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 07 May 2024 22:49:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ofsnivyan.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ofsnivyan.com/custom

104.21.90.194

200 OK

545 B

URL POST HTTP/3
ofsnivyan.com/custom
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JSON text data
Size
545 B (545 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 354
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Cookie: OAID=5wqydktbnjxuhn2lhvpo4m69nt37bye; syncedCookie=true; oaidts=1715122142
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 81331d4703a3807551042113b227096e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ggniQNGs3JOFirjdaxwN3nNKEcKxWTxr3oFVd7ZVvEs8yWLFqyOKhnsHVnSAvd2c8Let%2BMcbF2PgFGUS5ZexPW0ohswH6155566iD%2B5%2F9JszuyNPQQ1XoiozjXMeYso"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2d09aae712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=811843544011776881&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f8060505-d94c-4bb1-9137-de7b9a4031ed&action=prerequest

104.21.90.194

200 OK

0 B

URL POST HTTP/3
ofsnivyan.com/zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=811843544011776881&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f8060505-d94c-4bb1-9137-de7b9a4031ed&action=prerequest
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=811843544011776881&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f8060505-d94c-4bb1-9137-de7b9a4031ed&action=prerequest HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Cookie: OAID=5wqydktbnjxuhn2lhvpo4m69nt37bye; syncedCookie=true; oaidts=1715122142
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-length: 0
x-trace-id: cb93765af9408cc5d1c9f52fa4048f66
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QjTPmOcHI9yuamqg0pwP1DwWA%2BRCOph3Ai6XBEMM7QKlH13aFfueRGlog%2F4PBgkFJxQDonoULJtJWMU4y9eJHt0Ez54o24x0l6aH53L6QTDwFjc8s2ZLeNxPBj6IZWlB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2d0aab7712f-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/sw/universal.js?var=5369052&ymid=811843544011776881&ab2_ttl=5184000&zoneId=7250650

104.21.90.194

200 OK

381 B

URL GET HTTP/3
ofsnivyan.com/sw/universal.js?var=5369052&ymid=811843544011776881&ab2_ttl=5184000&zoneId=7250650
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text
Size
381 B (381 bytes)
Hash
3720f9cee1df8fca36fe99491eab215b
1705d72778aac160278f15d86a8d1aa2bac785bf
08c09c04a09d4a2fe27fc50189a08f18cfe108a3b966d4a36c77819275c0d81d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=5369052&ymid=811843544011776881&ab2_ttl=5184000&zoneId=7250650 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Cookie: OAID=5wqydktbnjxuhn2lhvpo4m69nt37bye; syncedCookie=true; oaidts=1715122142
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3544
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rU%2B1Saxn4LKKX72wFKQLMxkC13zfL27bEr834O6Qlw%2BqtncPDiPKkXD231SxzQHvFR7FhJMSNma%2Bvgy4hPJBZ0z%2F6fZRkcZxZWSSFqwvGMSeSTtYddrS%2BFOHmUTw9s9Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2d09ab1712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
d5e3cdb9680a8924e41243cc1ad9aee9
f7c2cd9f40820f21f895591d468d4ebc4fb85131
a14853ca13511986a96c086562b4d95fd0abb7aa48d080cb54bfe939967b4a2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/
Content-Type: application/json
Content-Length: 1806
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js

104.21.90.194

200 OK

13 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Size
13 kB (12638 bytes)
Hash
b5dd343db67bd22544d11da18268f5c3
069b5b221dd75af58d93192460778b3d07835e74
6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-7c98"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NHxrbZB8c6%2BlJ6fSY98dx8yPssgzmk2v6pRPMOqdXd6LrLBBlwJmUIVagwNvO9O3Hx0GtRcaJnZz1J8YTbG%2FRhCleGyLXyPzjCej2kugN3v7Vz7QIoZPmNrDcAWIZfcC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd386b712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881

104.21.90.194

301 Moved Permanently

7.1 kB

URL User Request GET HTTP/2
ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
7.1 kB (7126 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /system-message/59?z=5369052&var=811843544011776881 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 07 May 2024 22:49:01 GMT
content-type: text/html
location: http://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fJjjw8W2oqduDqH66P8aRPYh42aDCGY7X8Ql8kPZuxW4KhnS8TvR03J6Dw1IMoZJ8LoDXhamK7NznO%2FE0eWd4WDVXnR%2FvsR8l1Nenk8Qjx9FzSdJ33LcFAghKmztFre"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2c99f80b4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/4016.b34d808c2d259f64.js

104.21.90.194

200 OK

18 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/4016.b34d808c2d259f64.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (17639), with no line terminators
Size
18 kB (17639 bytes)
Hash
1baade0da929e938464e0e06118d08f3
d51b06824e049811b73ce75601695874fb2c2935
93eb1e96f4a042209b295a35043c731a9ac3fde02aebce6fe3db8065ff1cd8a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4016.b34d808c2d259f64.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:09 GMT
vary: Accept-Encoding
etag: W/"663a529d-44e7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 6812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWQVC3EdSeHHvcRkkPaVBU86PjM%2FDdz2S%2FnsPPAriVBJav8JWjd5fCfSh%2B0mqfI%2B8w02CgEfWVFsZ7fiEClRXKDqvaJmiJ8itPumse0fNwDxO6qCz7hRII%2F4pGDh8BIY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd2861712f-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/webpack-16c59117a5e33762.js

104.21.90.194

200 OK

6.3 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/webpack-16c59117a5e33762.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (6510), with no line terminators
Size
6.3 kB (6264 bytes)
Hash
d81ebd41233b313209c6788f8bf99e9b
879fcb49ae623ffb907e5f7ae831f4d76138c707
57832517a25ef775088811869c48e168c1bcc09ad92ad79c3c2c53c21ac71448

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-16c59117a5e33762.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-1878"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 5995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GemRa5BF%2Be7qj6eIE6SFYPFVK9vqVhIFxam0wM6I0beSbhFxyvkD6zMyOImTQHvbO37cu9Wh5650qxtbC4UY4uERRxGIcPvrjJF2CN9VbHDYq7ZW5WRraOVyUfvJ2iNB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd2863712f-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881

104.21.90.194

200 OK

7.1 kB

URL User Request GET HTTP/3
ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
HTML document, ASCII text, with very long lines (7652), with no line terminators
Size
7.1 kB (7126 bytes)
Hash
0dd3d509f963a8d6e286187c48dc8ee7
491f7a7a61c05eca4389728443eda419caee2505
a62c1becd700a2e6ff578f19a08659504ecbae5a13c21cad3b1236163513dac8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /system-message/59/?z=5369052&var=811843544011776881 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:01 GMT
content-type: text/html
last-modified: Tue, 07 May 2024 16:11:12 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tk9YC395AW2X3kYLYOi3NG1vbcUTVi0o2usv2gkAqtW3lxITUTFNhOqpAddWT3yvLFTdrN%2BHE1lfv4oOmt3U2ngPQz7jtxynbccSy0phz86lEz0ScHlF7BYGAsxsIB1K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ca4eae712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js

104.21.90.194

200 OK

11 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (10752), with no line terminators
Size
11 kB (10752 bytes)
Hash
37545926cc9a6e537b9f3e95d7a16c1e
c3cbfe1f9737817eda25770274e97feaf6b8cc68
d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:09 GMT
vary: Accept-Encoding
etag: W/"663a529d-2a00"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ajHJTsQLpSGRh9bQlWz8oO3TeI6lUfGxrtRo4t754E2DUpkxjFGkYdKXDJTBVhbZvMbfpnLIdXUDbUactyy1LNqDBfy8APrICxXfBR6mjEAjYjhKEChQPRo3d%2F5qaub"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd386d712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_buildManifest.js

104.21.90.194

200 OK

1.6 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_buildManifest.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with very long lines (1696), with no line terminators
Size
1.6 kB (1604 bytes)
Hash
355192c5cac7966c2c0ea46afde68c35
1afb3d39fa9e18eef37b2b353581e916b3db4683
a9662fb68ec260744897dc85cf8b13e59a0726e2e353e3a8ef55a13f238982c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/dAaIzUv4XtGx8iX-9U1Nb/_buildManifest.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-644"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zhpm1V%2Bk7GpkbegBmpmh%2FtFKFaCsjhQgGR6Z%2FFHG%2BQ%2FnNx%2BkwQb8X33Pi9x2RVN77VPvIPValvYiJR5Owkq403L%2BV7Gl%2FNrfuCudx7z5vH4ypeZYdS26CyFWG6cNx8O6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd3872712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js

104.21.90.194

200 OK

2.4 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (2431), with no line terminators
Size
2.4 kB (2385 bytes)
Hash
aff0a51ad60c666bf1f7f27ddff14217
9677799390dc5667eeda431957d59b25d6a40946
f495db20d41fe12519423d9776481cd5c3f1dabc346ea304b8a7201b032d4e87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-951"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtJQfwU0Ct%2FrGNHL4MRm7itXVPBMwe%2F62cBGW5sQ%2Bsm8rdmKBJ3Kffyk0doGTomG7MH2d0N36pMUbujLUO3TEM9QPlFOaTiQRWZbr9WMf6tmD0OVjD7JajxBkwHQmPu3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce2906712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_ssgManifest.js

104.21.90.194

200 OK

182 B

URL GET HTTP/3
ofsnivyan.com/_next/static/dAaIzUv4XtGx8iX-9U1Nb/_ssgManifest.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
ca6aa05f78eb6859347a61db067f16dc
444e70f53eb809f0920de921925d854baccdd251
11ca6f5cc9bc3b5e4021fe0fdad57091b6e8b54a5018672cf9d8b6a7e4f0e229

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/dAaIzUv4XtGx8iX-9U1Nb/_ssgManifest.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-b6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FWbuBYHcNjKRCV4JQ3daMt0HbDTBFyjTSV5NULkBX8j7KRbc%2F16zKIObnAC72YRlD7KiMCsjoRAJPSiLBLxRGbXqXvr%2FJkf90kP89ojo7JOAxExkPCZKMfbz%2FWx6KR3R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd3874712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=5wqydktbnjxuhn2lhvpo4m69nt37bye

139.45.195.8

200 OK

64 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=5wqydktbnjxuhn2lhvpo4m69nt37bye
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
64 B (64 bytes)
Hash
343e291ba5f73cf6ca635e9646bbb7b8
c94e76c7bbe0584d764456e8a3951b98e3ea440e
62224bbf12abea247267cf240230a5bcaee66742ab596e7d658ea4c1d4fc7301

HTTP Headers

GET /gid.js?userId=5wqydktbnjxuhn2lhvpo4m69nt37bye HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/json; charset=utf-8
content-length: 64
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5wqydktbnjxuhn2lhvpo4m69nt37bye; expires=Wed, 07 May 2025 22:49:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/810.a0608c12f2123e1d.js

104.21.90.194

200 OK

3.0 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/810.a0608c12f2123e1d.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (3074), with no line terminators
Size
3.0 kB (2996 bytes)
Hash
6cc4490ccff791f29be9ad2e2c0e83b3
ede3303c45d0de176f97822066b186d4e0ca603a
6e703777488800dbe82363bf1e4afae683f2743079eeca4b3119c21eb2f542eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/810.a0608c12f2123e1d.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-bb4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5989
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tHj7PNbR%2BJxeHFT4yu7utIo22F2mWtJZdYjaHsuHyT44Pn5lSrQoAozBrbKBO9G8BHzPXeZ8KXg4PBVzEETLwQtuJXhreM352kCXxGAdsC2l%2Fb9tUQ5riOo9p%2FhhK4Jr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce1901712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=811843544011776881&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000

104.21.90.194

200 OK

37 kB

URL GET HTTP/3
ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=811843544011776881&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=811843544011776881&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=5wqydktbnjxuhn2lhvpo4m69nt37bye&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Cookie: OAID=5wqydktbnjxuhn2lhvpo4m69nt37bye; syncedCookie=true; oaidts=1715122142
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwpdiSmJrKUOfYu5ywXFdU5CqGdo6D18xFPPAekmlj7XjA01vtCTUG1Ou1Td7AvbIEsIqeDp8VtomD5BqGnM2dlwY4hbNbCuihLnlC7OAWD2XhiWkozqyOewU2cmrQ6c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cfea52712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js

104.21.90.194

200 OK

26 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (25995), with no line terminators
Size
26 kB (25995 bytes)
Hash
33a34c525e2bee14a166fe1289835308
4afb650772181930d19dca9a41490beea5087932
bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-658b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WGrqyub%2BVz48csbFBk69AOOnDQfJGeB0Mom5Rx5NLmjXT2RGSZYLpg%2BIlah9F5Biuq0YzarVWcm4UqLr2PloADBYjKFvWEUaokGq66Lyo0GBUvE4LF0gY90OjVmyOMHy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd2867712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/802-957a719378528c6a.js

104.21.90.194

200 OK

69 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/802-957a719378528c6a.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
69 kB (68622 bytes)
Hash
67ff0c30478f2fde5f99f9fed6b54d62
9a33b56729184164417c46bcd36c299e05a0fe95
1a896453de2a387b23019831c5bdb91687c69f7d16a163fc33300f685c4f162a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/802-957a719378528c6a.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-10c0e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vgbxq5a%2BPcJXdiaNMGjQjR%2BW3KL0XqXKOc0rR214aEcmkhAOHPwbi04jxDkgY6FuK00UiCUT1he%2Fo%2Bf3BqyUh31gSmAzBTN2ICnhwcbT2fYBlTzeSNwDI4f18pRjfbUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd386e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js

104.21.90.194

200 OK

4.1 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (4219), with no line terminators
Size
4.1 kB (4147 bytes)
Hash
98132c6c771aec065d3ab61e5c8c0f53
56484dafed6218ea17ef047fc8cd4c5a342c1890
ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:09 GMT
vary: Accept-Encoding
etag: W/"663a529d-1033"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 5989
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66TRwOmdfcwZzU8wgVI1KtmK6bdyNvcAMryelW471Sl92HaZ8vuf3W4QN%2B0H7ymjsxV62voNzOdgppytfEQM7mgUF6%2BZzxCVwu7OOpQWGZmHgWLv2V89FhlQQTSMYOfv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce1900712f-OSL
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB
ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT

File type
JavaScript source, ASCII text, with very long lines (18452)
Size
19 kB (19102 bytes)
Hash
bec2755dff94190fec0365b0db53807b
f98c36e7e9e06325d03fe39c3b98879062fc2704
ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLtnF5W%2FiTyDyudVF4gCUnH8s4k6xBbeXHt%2Fuwjc7r%2F9Pp9okS4vndPlGKWCcnrzwClRnvZXv%2BOrQouBpG4xnoWJqNh%2FcVbn6Knce6L9aYvrLnpGwPXzWSEWHg8mUdLJXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804c2cee93b56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js

104.21.90.194

200 OK

661 B

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (665), with no line terminators
Size
661 B (661 bytes)
Hash
f8e52c06430c8d613af8c236a1972a4a
8ac071e6c0908ee068e453ae47a6598d733d9a1a
7f75dbe159ba344bd4495842a3c902c147703b5f4835885f3a9e13f879cdcddc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-295"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jpE5VKcluqLal1lJZd%2FNZT1LDIdNVCvBRt%2FOA8zZMFVHyOY%2BQKF3LNjmK1a65jXe8JpabMpKFlxxv3d93zY4Yk3tiJmBQxieAKMd6PRqITLH%2BsFFBAHR1V3JG45IUvRR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2cd3870712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/585.334272b77caf2262.js

104.21.90.194

200 OK

3.9 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/585.334272b77caf2262.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=811843544011776881
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4120), with no line terminators
Size
3.9 kB (3941 bytes)
Hash
53b7aef78286c4dd02279461e8d43db4
070bec45dad4bfd1a9bd554ddc60956e0d44b9fb
5d0f3b3a245fad1386f3353ea619b1f6388ebea3826eab024e4f7ed9fa598cfc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/585.334272b77caf2262.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=811843544011776881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:49:02 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 16:11:10 GMT
vary: Accept-Encoding
etag: W/"663a529e-f65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5988
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4s212e5hzO7HK%2B7ndYcqShEmyWkY5gM%2BM%2BUGMcA%2Fa4O1nj3tpuSS54978N4uE3R55la9XQzFh7MTAVFklQ2ypYaBgl%2BIs2WVPZjHFvQUzAeCNolzaJ1kaqHxWD3VjcbI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804c2ce6933712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML