Report - ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837

Report Overview

Submitted URL
ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
IP
104.21.90.194
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 02:18:13
Access
public
Website Title
Participate in Our Exclusive Online Survey: Share Your Insight
Final URL
ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ofsnivyan.com	unknown	2023-09-26	2023-09-29	2024-04-18	14 kB	396 kB	104.21.90.194
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-25	457 B	738 B	139.45.195.8
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-04-22	1.0 kB	1.4 kB	139.45.197.248
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	509 B	480 B	139.45.197.250
cdntechone.com	64371	2021-12-24	2021-12-24	2024-04-22	399 B	20 kB	172.67.195.28
datatechonert.com	46154	2021-12-24	2021-12-24	2024-04-25	572 B	483 B	37.48.68.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	amunfezanttor.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed
2024-04-25	medium	ofsnivyan.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	ofsnivyan.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js	6.3 kB	2024-04-25	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen14 Hash 250c5b6f6b8df02c52abfb59ed331b0d b68a191dc0c14dfe17dab4c9c3bbae733afab10a 59daf8963364a4a634d62311ab810482d679b5c3866067be3eff5ee3ce4b0457 Loading...

	ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js	26 kB	2024-04-25	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-05 20:11:44 Times Seen376 Hash 33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555 Loading...

	ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js	662 B	2024-04-18	2024-04-30
Pretty URL ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:03:12 Last Seen2024-04-30 14:45:16 Times Seen112 Hash 06062156d99da1c306ff5966000be2c4 3c128ded6b30d8bcfb9a85b8f1d7551400c4eb60 9e0349f7ac8b75e95aff12e66f57065f040d20165ea783fe17366bea6a56751d Loading...

	ofsnivyan.com/_next/static/chunks/5057.48c7d5a8740ee05f.js	3.3 kB	2024-04-14	2024-05-04
Pretty URL ofsnivyan.com/_next/static/chunks/5057.48c7d5a8740ee05f.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 22:24:12 Last Seen2024-05-04 10:17:47 Times Seen24 Hash ebaf4ad232569f63125adc3fb15e429d 0ccd7de1dbd267c32350e2a5e140edb7850f38f9 c46599211e04922a13ffdc04ea36e039ab9cf29b28d31c03003d9ab63ff01faf Loading...

	ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js	2.4 kB	2024-04-24	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:14 Last Seen2024-05-05 20:11:44 Times Seen217 Hash 8de4ecfc18371e9af83a020ad48a4839 f4cfd9509facd189f8e3487426a36cecfc77c090 954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64 Loading...

	ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js	109 kB	2024-02-12	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-12 18:57:12 Last Seen2024-05-05 14:03:22 Times Seen145 Hash 44ec1451f689d71d5f33a10d4aa44658 0f7e72050b7bf72366d9463a16038ae94e232f46 1708144463d376da261c16eab17b1d2fe5c49351847f43a46c6ae4b347fd9304 Loading...

	ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js	182 B	2024-04-18	2024-05-05
Pretty URL ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:58:16 Last Seen2024-05-05 20:11:44 Times Seen288 Hash d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517 Loading...

	ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js	4.1 kB	2024-04-24	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:54:43 Last Seen2024-05-05 20:11:44 Times Seen230 Hash 48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5 Loading...

	ofsnivyan.com/_next/static/chunks/3978.f48a53d50c258a97.js	3.0 kB	2024-04-13	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/3978.f48a53d50c258a97.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 13:54:11 Last Seen2024-04-26 09:26:44 Times Seen53 Hash 0c60c4b03a77633fc4177d0ffaa530e1 61f40dca0463045927e933959e5f16280db6403c 2f592be0eab537bef0500f89410df1783c7cccef79e8586ba30e53e63c78247e Loading...

	ofsnivyan.com/_next/static/chunks/4482.769eda623019310d.js	3.9 kB	2024-03-30	2024-04-28
Pretty URL ofsnivyan.com/_next/static/chunks/4482.769eda623019310d.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-30 23:49:12 Last Seen2024-04-28 19:57:44 Times Seen16 Hash 434915803de0abc8f17cd262635c3c5f 5099fee6dbb60937f41b7f98e5f8e52351c71444 40559feb90892a75a3ad5751ce8cb9d39b98b5624145b5c23e0ca568c50ee0cd Loading...

	ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=807547401706680837&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000	37 kB	2024-04-25	2024-05-05
Pretty URL ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=807547401706680837&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000 IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-05 20:58:01 Times Seen1531 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	ofsnivyan.com/_next/static/chunks/7708.8e590fe080714c84.js	18 kB	2024-04-26	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/7708.8e590fe080714c84.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 00:07:32 Last Seen2024-04-26 05:28:34 Times Seen8 Hash f1eae50102c9b8e5e1a4f89fd7719bf2 f328fa17a14398bb15161041966052903af7be9e 69f51a141b5b546b1f236974edee6aa5ef86f31a647cd9db2a547fc7fe270dbb Loading...

	ofsnivyan.com/_next/static/chunks/pages/_app-779a416495e5a308.js	41 kB	2024-04-25	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/pages/_app-779a416495e5a308.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:07 Last Seen2024-04-26 09:26:44 Times Seen28 Hash 43842afba6d436c94e0e48cab1f7c06f 4436202943a1c082b6486040f6434340e75a893e c57c27310d20bfb3452953a5dce4c3ec6e3e280990389badfc58cf3a87598c33 Loading...

	ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js	32 kB	2024-03-21	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 14:18:29 Last Seen2024-05-05 20:11:44 Times Seen493 Hash b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5 Loading...

	ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js	11 kB	2024-04-25	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:30 Last Seen2024-05-05 20:11:44 Times Seen372 Hash 37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37 Loading...

	ofsnivyan.com/_next/static/chunks/1155-d7686500f009e1a8.js	66 kB	2024-04-25	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/1155-d7686500f009e1a8.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen21 Hash 613f5d49f7d43d94b46505b05e0590c3 e4d44234534d7a70e04140fa59940b23c99d9a86 07f78aaa713b41b3253165b89b449dfe3ad0485e2423b64b5a5d35b2b8b02078 Loading...

	ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js	1.6 kB	2024-04-25	2024-04-26
Pretty URL ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen18 Hash 4a0ba7194e87f13cd94bbde8d8afb837 8ebdf287b41148fadcddc878a2d3c75255c5d55d 240c3751c47d15cd5f908114ce203156059b9f3e27f489b1ebcd9fab0d1936ca Loading...

	ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js	1.3 kB	2024-02-28	2024-05-05
Pretty URL ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 05:15:28 Last Seen2024-05-05 15:58:20 Times Seen117 Hash 48bc38caebc09f278d740e9a8302bf56 b687105616511f0eb1f493a5ff7cb35e6b445b5e d558e0466151e37fdefda1944ca4860ea0f63fc583e36ed00e2516d52774caa3 Loading...

	ofsnivyan.com/_next/static/chunks/9787.32846937d0160cf7.js	1.8 kB	2024-03-22	2024-04-26
Pretty URL ofsnivyan.com/_next/static/chunks/9787.32846937d0160cf7.js IP 104.21.90.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 08:23:18 Last Seen2024-04-26 09:26:44 Times Seen79 Hash 0b47bad6a8778bdc8cd3dec268938624 246ca006b4bdb919f3f1e8fd567a8631f5a136d9 1bb773520bd8d662232b89b67a6ae04556b715b90239d9c443502219b71a2471 Loading...

	cdntechone.com/stattag.js	19 kB	2024-02-07	2024-05-05
Pretty URL cdntechone.com/stattag.js IP 172.67.195.28 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 19:13:47 Last Seen2024-05-05 20:11:44 Times Seen791 Hash bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a Loading...

HTTP Transactions (33)

URL IP Response Size

ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js

104.21.90.194

200 OK

4.4 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/2090-519478c186a3d867.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (10752), with no line terminators
Size
4.4 kB (4428 bytes)
Hash
37545926cc9a6e537b9f3e95d7a16c1e
c3cbfe1f9737817eda25770274e97feaf6b8cc68
d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-2a00"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOQhQeR2TKlEsIPxxMvPwnDSlrG1%2F03wS%2Ft6LDgpHHTTSJx%2BYTVt1R%2FsWR8uAc9kAjZ7WX7tzi%2BUYwkNe6UDV7F4lud7oKhzs57l2WCnFJPOIOweglPX524VH9x9vMdT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8ff00afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js

104.21.90.194

200 OK

1.7 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/3091.8141ef861c4fae96.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (2385), with no line terminators
Size
1.7 kB (1654 bytes)
Hash
8de4ecfc18371e9af83a020ad48a4839
f4cfd9509facd189f8e3487426a36cecfc77c090
954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-951"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNxK7RCEoFKOYO70D%2FJqgt5C0V5ZRYYLNLsYnU7TZqVjLmoNTgKKNr0vf3ElMFRl5mNsznoljJ2teLvUC9JzD4WjSVg%2FWmQ6wS%2BcFfTA4g8GGJ3Jet4q1pIEHVjrEGRx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b78270afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=ywi5z2n4rkj0m3cuq3elnzpt122fxk

139.45.195.8

200 OK

63 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=ywi5z2n4rkj0m3cuq3elnzpt122fxk
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
63 B (63 bytes)
Hash
35a4ef500ae36fd596b80d746ffc78f7
dc49363b175e9ea4230cc8ea5823626c6c77b52a
f8db452e79c1dc125a03353d1618ec647ac9734612a0e43b8cdf946da4722404

HTTP Headers

GET /gid.js?userId=ywi5z2n4rkj0m3cuq3elnzpt122fxk HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/json; charset=utf-8
content-length: 63
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; expires=Sat, 26 Apr 2025 02:17:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/4482.769eda623019310d.js

104.21.90.194

200 OK

1.8 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/4482.769eda623019310d.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (3943), with no line terminators
Size
1.8 kB (1799 bytes)
Hash
434915803de0abc8f17cd262635c3c5f
5099fee6dbb60937f41b7f98e5f8e52351c71444
40559feb90892a75a3ad5751ce8cb9d39b98b5624145b5c23e0ca568c50ee0cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4482.769eda623019310d.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-f67"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDUFDoJbAuw%2BA8uONw%2FV5e3JPMneAYvAII9ojCmq5msyu1QrnzXgg0bqzlTT0uqKftLTNiXdlWtbpQAO8sXf0kl1MJ%2Fd5OvHdouPhqtZUhDBJiuHSvQvMb2F9%2Bn5Wnaj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141ba82e0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ofsnivyan.com/
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 02:17:48 GMT
content-length: 0
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/
Content-Type: application/json
Content-Length: 290
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 7f7082809f6fb1c3c15e993c03dde780
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837

104.21.90.194

200 OK

3.3 kB

URL User Request GET HTTP/3
ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
HTML document, ASCII text, with very long lines (3919)
Size
3.3 kB (3296 bytes)
Hash
3d7c2b721c65d19231147490ef637faf
3bf23487c2bd83ab245490d5d48618fa7150b980
5ec1f2bc79690fe845357232cfb438d0885be8cd2af6bf393385bf0a9e595f54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /system-message/59/?z=5369052&var=807547401706680837 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: text/html
last-modified: Thu, 25 Apr 2024 15:12:18 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vsb9DiK4ceY8Qq%2FDRD8g7MvI%2FPxKhOrv6gBpSzjRYbnxzqQ8KkBAK5ae%2FK%2BzKl69aTbNc5srasQa6bCvsD7NgHyHL%2F61z43d5UF1Ui3U9GIy9dQFk4V31SG8Udulk%2F%2F1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a314187f9e0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js

104.21.90.194

200 OK

105 B

URL GET HTTP/3
ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with no line terminators
Size
105 B (105 bytes)
Hash
d78f02cd11637a888af548f5e270c3af
9c90b573305ec9d6d2e7e74837c641a863d991b4
2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-b6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pb%2Fuz4ky8Y%2FyT4ysyGcNyGPmkYecvfWdMa3k0uttmr4EP%2BhTo0jCNiwZVNnNmVhkXIgLKZZ%2Fk4efdn1HDeuSVAhEkNvis%2F34jtdMPg86TDDfZlwx90xDALonwK2baQl6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8ff40afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ofsnivyan.com/
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

ofsnivyan.com/custom

104.21.90.194

200 OK

136 B

URL POST HTTP/3
ofsnivyan.com/custom
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JSON text data
Size
136 B (136 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 354
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: c8c8facf2bbbc2e9ea548cb5712dce32
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Ql2CNHWn%2BdNl0VkFjFjlki0YuKbUWwxmhg6L6XmpbSbSanUQX9KgkWQvuAY1PzGBuGKO4lTNQz314szNLIW7YPVDZo1RrzKTbw0tvHMwPC9vFLMPxpURxxk6ZZZSPWi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141d787d0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/favicon.ico

104.21.90.194

204 No Content

0 B

URL GET HTTP/3
ofsnivyan.com/favicon.ico
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 02:17:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fwUZGFFILAz7oaLV8H7w1iTO1ng%2B1%2BW1cLQ16b4TULntC4dqihjcUWRVMRsGMAsyKlZV3BuAMjsputeOy%2BkyS7I7bpHvFJ55CSQprdcIgeiMHR9ZXLvcKxKp79O2K%2BbP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3141e68b00afa-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/9787.32846937d0160cf7.js

104.21.90.194

200 OK

4.7 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/9787.32846937d0160cf7.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (1761), with no line terminators
Size
4.7 kB (4652 bytes)
Hash
0b47bad6a8778bdc8cd3dec268938624
246ca006b4bdb919f3f1e8fd567a8631f5a136d9
1bb773520bd8d662232b89b67a6ae04556b715b90239d9c443502219b71a2471

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9787.32846937d0160cf7.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-6e1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VwJDbE%2FgKeVHxAbVy8fteQ7mXLb2Pem8smssY939fCvAii%2BdU%2FfQeMBv8GaMNBueyy0Ls8noPxK0IaUMWKwIa0qBF1ihXP8geYccWIhBWhBABRislkTVs0XChpuy4pqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b882a0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js

104.21.90.194

200 OK

109 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108887 bytes)
Hash
44ec1451f689d71d5f33a10d4aa44658
0f7e72050b7bf72366d9463a16038ae94e232f46
1708144463d376da261c16eab17b1d2fe5c49351847f43a46c6ae4b347fd9304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-1a957"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FHbyWtDY3JtkKPycN67uVxO8HX%2BGcZ%2BLS1ZA0MeLJZgxZ5I9yIMYNpVjrYi36JeF7L2SmNCxQyAxEDXm7T9qzGuRR8FC3tWFJ72Ep%2Bn5pZX7FljfGw8qwhLOGDj211TJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8fed0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js

104.21.90.194

200 OK

1.6 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with very long lines (1697), with no line terminators
Size
1.6 kB (1605 bytes)
Hash
7f21d4c2efcc0280ede698d517a60662
80fc8d9b1ba41b69448181635f6ee590e36a0c18
e8554def84a46a278ee7669b9cb33b69cd6cf41ee34ff9842d05e0e53fefd152

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-645"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KAUBvWqJszcIL1yiO4TCrv1ATqP2vhk9xyX7DWHJzuynlKBioCQythVOb%2Fk%2B76TTO9U%2Bbjev7Yv66WM5jwvDP%2F5sHE%2BuIo62Cbz9y60Pp8es3NF517DFMtvXVuxB6XWF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8ff30afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

172.67.195.28

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
172.67.195.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB
ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT

File type
JavaScript source, ASCII text, with very long lines (18452)
Size
19 kB (19102 bytes)
Hash
bec2755dff94190fec0365b0db53807b
f98c36e7e9e06325d03fe39c3b98879062fc2704
ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 12
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MVcnVvlttTG6CXpJbTyqifiElzjQbNjeS%2BUtBmU2LoZhClAJmTKHsSf%2F7v5tU9yu%2FpiAVz2zyQlJt%2BD46yBADCTYy5uhishC%2BBG7rmjsxCf89FA8pYdtRJLpAawObpBdYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3141c684b569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/7708.8e590fe080714c84.js

104.21.90.194

200 OK

18 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/7708.8e590fe080714c84.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (17791), with no line terminators
Size
18 kB (17791 bytes)
Hash
f1eae50102c9b8e5e1a4f89fd7719bf2
f328fa17a14398bb15161041966052903af7be9e
69f51a141b5b546b1f236974edee6aa5ef86f31a647cd9db2a547fc7fe270dbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7708.8e590fe080714c84.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-457f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WTSYEsOKNvPyLIzwrfTb1wecOFLcqEeiwXTqFwgOqWxQubBJIPWRycNsGy%2BMZQEy%2Fb7OpyvHDWm7sus0zLBgVru%2BHZebBfzJXiLX5kXZNP4JfsSl1wv4jjVo2RuLDixv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a7fe90afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/1155-d7686500f009e1a8.js

104.21.90.194

200 OK

66 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/1155-d7686500f009e1a8.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65462), with no line terminators
Size
66 kB (65462 bytes)
Hash
613f5d49f7d43d94b46505b05e0590c3
e4d44234534d7a70e04140fa59940b23c99d9a86
07f78aaa713b41b3253165b89b449dfe3ad0485e2423b64b5a5d35b2b8b02078

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1155-d7686500f009e1a8.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-ffb6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ItUjZLBTQdMaIQsWJfJlfY3vA5cc5FnO2MUUXb0v0vlyfEvF2XA6lOoSobjNxypPDaUG2zzh7NG5tMWJZH7xF%2FbuTN%2B%2FBmsWrKB19mcmego1Z8UuFs%2F3l4I%2FmoDuNqt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8ff10afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837

104.21.90.194

301 Moved Permanently

7.2 kB

URL User Request GET HTTP/2
ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
7.2 kB (7164 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /system-message/59?z=5369052&var=807547401706680837 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: text/html
location: http://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Efoiqd5lP0X%2Fd0YEp5r0CHh%2FBY0dzF2th5vzCTIpebBDrDVmTedX9L%2F8s3aZ%2FuH52BmmZBrHxf8mGE0N%2B9Y0k0MFMYbAwe1EnckMG797aHoNxFIkqzeQU4Ej6ZfMX%2Bw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a31417da5456a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js

104.21.90.194

200 OK

662 B

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (666), with no line terminators
Size
662 B (662 bytes)
Hash
49f9c13e383477050c867416e60b3222
eeb57b5af30601d21511ff1eb94001b86d0c6465
1430b1cd7eaade1b7ba5b3a245f9221c0f6067efd03fc812821d0762b5d10ad4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-296"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2F5BEMWqozpMUOZagps599ZDdyMVTYIS2LrlbKOQFThZiaAn9FEZdLfF0Kdk35CdsM30nWadNxnKJKOhhtM6Kq9r9bBIS1j7ZX7HSMDXHen4U593Qgk8w1uCGHVgvSHu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8ff20afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/5057.48c7d5a8740ee05f.js

104.21.90.194

200 OK

3.3 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/5057.48c7d5a8740ee05f.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (3375), with no line terminators
Size
3.3 kB (3341 bytes)
Hash
8f79b9155b8b6921206c5c92026b7365
50ef9171a052e5428806431761fca7e75044c0dd
497fc3beb3a1f2e5af56019b4051a15204b9a1320622f4e4bc23342dbbfb71b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5057.48c7d5a8740ee05f.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-d0d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZ5paJyYkDsb96%2BziJ70FaCvl142ti0ICZtMJVT9ZGuli5J%2FfXUszJu4RVX3d7ZBRxl7RQstGg1fiFmMLxvRSRtvbDmboTHdrD%2B8vAFQWBd7GbamIuvSuOD7y2WnEawL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b78260afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/css/0bc0cde260d08b97.css

104.21.90.194

200 OK

1.8 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/css/0bc0cde260d08b97.css
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with very long lines (1843), with no line terminators
Size
1.8 kB (1843 bytes)
Hash
64b2b4fa42c7d558d735e2cd28ecf88a
03d6da6e55b1201b51689590520da495a9233d67
2fdb3ce9ccba8355040e5ba3dfb2283194acba81858943b5d88f70030dbb71ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: text/css
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-733"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YB0VEIaXb5vk4g5L7A%2FTGho7elmpRUFjur7Y5GTGI2PsQdtN0BZ9ZT2MTyuAVnY9AJZT2XMy0na%2F2Ei0YTYD0HzVfVd5h25S250cKcd4dfR3hPIMpf%2BgAMxT1xLS0TXC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a7fe80afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js

104.21.90.194

200 OK

6.3 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (6537), with no line terminators
Size
6.3 kB (6289 bytes)
Hash
126b569c97e24d6a866b73bd4675e9de
2c33320f6b6ef0c0f650e22fd8dd6ba4a9198056
83a46cf91aa584396d54046d4badb5360b558ea49b4ea5858aae2aef15492375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-a2bc5b9348705b8c.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-1891"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ps%2FM%2FwWvC22I7ClIFK%2F%2FJ9Oz7kHUzYmvJPgfOhfZOKSlwa92nPR6Opp%2Bkz9JrDu%2Bx%2BVkVTZpnqPKoZVbOc9nhtysjqFcgBSf%2BUHKXt8q2T20n%2BER2Kn1m5R5xunTaoTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8feb0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=8c9f6a69-325c-4ec4-8276-277e0698765e

37.48.68.71

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=8c9f6a69-325c-4ec4-8276-277e0698765e
IP
37.48.68.71:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=8c9f6a69-325c-4ec4-8276-277e0698765e HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1388
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 26 Apr 2024 02:17:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ofsnivyan.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js

104.21.90.194

200 OK

32 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/7903-dd238946c7924507.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Size
32 kB (31896 bytes)
Hash
b5dd343db67bd22544d11da18268f5c3
069b5b221dd75af58d93192460778b3d07835e74
6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-7c98"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MitZpDUCLi4%2BJ5cf2ADjIbDSTXtUBv2UIuB5qSi8D7PRJy6GTPmXVKd5VDCLz2jKEY83leSflxJXUaqS3f1mGTFI%2BiJaWBQrmOtf6QXyAmEZUOx3j6bbflaENF1gLN7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8fef0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js

104.21.90.194

200 OK

1.3 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/5356.cd117ab77e87aa94.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (1340), with no line terminators
Size
1.3 kB (1298 bytes)
Hash
928a78a6ff2acfdfc2b133e09c23a898
80992f60be4eeaa5e9ee31c4912fc8fd15806007
af03ac8ae373bd61c0ac2106d2837e74bf0f3c2d02682c018909684f3e6af5bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5356.cd117ab77e87aa94.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-512"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGJALwBVoWRNLuObLTWEmxCI9fNkzdSncO1spl3B%2FyoA8%2BnWtb%2B7sDTnjAkkhCzT1uNxNwtHtaOvpq4b9EI%2FVfyHYilFDm6M451A62rSMxBegRYdqONHyrsAzAsuRaVC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b88280afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/sw/universal.js?var=5369052&ymid=807547401706680837&ab2_ttl=5184000&zoneId=7250650

104.21.90.194

200 OK

1.5 kB

URL GET HTTP/3
ofsnivyan.com/sw/universal.js?var=5369052&ymid=807547401706680837&ab2_ttl=5184000&zoneId=7250650
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
ASCII text, with very long lines (1540), with no line terminators
Size
1.5 kB (1458 bytes)
Hash
5edd43e1c6126829925eb36cdbaf7af3
e1baae48011f9077aa37e6ab31d4604d41aec303
38945b2621b28329b93e77cc757db7e8def95dd4f4ba1c13862018da2df83411

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=5369052&ymid=807547401706680837&ab2_ttl=5184000&zoneId=7250650 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4919
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50YJkmM9DxpCyve79n1RyqJrEUOElSV3%2F0mEoDqUA3bllo%2BN5D0SAdI08Yd6rVbJErvxBZHpuhKKlMeP5cQN%2BjYfhAbNH%2Bu%2F3xmi3iJ1VWG3hOXQkcJxoimRNt6imbia"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141d787f0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js

104.21.90.194

200 OK

26 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/framework-8940d626f3bfb7e9.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (25995), with no line terminators
Size
26 kB (25995 bytes)
Hash
33a34c525e2bee14a166fe1289835308
4afb650772181930d19dca9a41490beea5087932
bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:47 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-658b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kniGXxLpTWW5xy6C1JfEK1StGf9RQ7tqVMl0bhq02jSyVVqykFCu9ZWTrU%2F%2FyLgewsjCJAfYF3BAzbPFRatms7n1pqraQytBlO%2FmpUwcUcUaagnSGwqOo4J26MAc5mIp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8fec0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js

104.21.90.194

200 OK

4.1 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/2734.6269ca0cf725ea17.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (4219), with no line terminators
Size
4.1 kB (4147 bytes)
Hash
98132c6c771aec065d3ab61e5c8c0f53
56484dafed6218ea17ef047fc8cd4c5a342c1890
ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-1033"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFE11Sk0e%2F1x6Oa6eSfsHvbtP%2FgKa4oZnHlHRJskTQjfNua%2Bu0q9YRYbrhl1K%2BdKx%2BlMvqY%2FrhJA3aMnwVETyNLREIg%2FMwP%2BnEf%2F6RoesKbnaJbpzSHvAJSM%2F1LRUPj%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b78220afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/3978.f48a53d50c258a97.js

104.21.90.194

200 OK

3.0 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/3978.f48a53d50c258a97.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (3033), with no line terminators
Size
3.0 kB (2955 bytes)
Hash
74bc667253313da76d87a4a986be1be8
9fa4f4b0ef93eb4d387552e257796321d197540f
1c06c61294617665f38c1276deec5d74330236351921feeef0061359cdf139c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3978.f48a53d50c258a97.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-b8b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j4r9zKwZPgoZDb8fNVTQQCk3Y0ueCr1tlu6WhAe6EE0ifJDiTTWP7V1RZg1%2BMqXDi%2BgUGMaJMlTgrAqljBZtjVXjF1ZC8%2FlP0wVBLOPaV%2B9Nd1owJPiZ7jE3iLOaTczC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141b78250afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=807547401706680837&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000

104.21.90.194

200 OK

37 kB

URL GET HTTP/3
ofsnivyan.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=807547401706680837&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5369052&ymid=807547401706680837&b=&campaignid=&click_id=&ab2r=&rhd=1&var_3=&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&btz=UTC&bto=0&z=7250650&cdn=1&domain=ofsnivyan.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8kc7644PbLmVVuskSnUkDNfnPw%2FnlpQFENRg7sbAdj%2FcTQ8vz9Axg%2FGPDjXPxaBy1g3xMBFGLo61WvDaIeJxipAi3q8YsRntBbaD%2FdMvOak73%2B9D6%2FBUltEJK6g3XEe5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141cc85f0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/_next/static/chunks/pages/_app-779a416495e5a308.js

104.21.90.194

200 OK

41 kB

URL GET HTTP/3
ofsnivyan.com/_next/static/chunks/pages/_app-779a416495e5a308.js
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
JavaScript source, ASCII text, with very long lines (40829), with no line terminators
Size
41 kB (40829 bytes)
Hash
43842afba6d436c94e0e48cab1f7c06f
4436202943a1c082b6486040f6434340e75a893e
c57c27310d20bfb3452953a5dce4c3ec6e3e280990389badfc58cf3a87598c33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-779a416495e5a308.js HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-9f7d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DF6%2BylRRz7d0hvEj1%2FadPh7gv4VR5YK5LwtfwPHOfZsv2llB1M3Hm2hN5FwgfTu%2FTXIuXi3P%2B2c4PoUkFiIlRNn79fB1%2B2Y6nXZCuXHyPkrBEl3lPFlOqdxyk2kZnyTH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141a8fee0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/track?dry=false&request_var=807547401706680837&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=807547401706680837&z=5369052

104.21.90.194

200 OK

182 B

URL GET HTTP/3
ofsnivyan.com/track?dry=false&request_var=807547401706680837&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=807547401706680837&z=5369052
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
e6246b04b7d99b675f7086e756e1f242
9f3b5f5cb9b34830dc20448a0acc83bcce5d2727
5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?dry=false&request_var=807547401706680837&oaid=ywi5z2n4rkj0m3cuq3elnzpt122fxk&os_version=&var=5369052&var_3=&var_4=&variable2=&ymid=807547401706680837&z=5369052 HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
DNT: 1
Connection: keep-alive
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 8c2b72cb8dbf233e2dc950e03d3f3c0d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7SrlFpNKkx71PmPl%2BwWFJtdrcB0CdrPQ%2F61BbzYp1IgJHKImDE%2FwsTJ9efCiqb4v2yX0KSLq1K1fbYy0LlU%2BifSwXgHELImlOHl3%2FM%2B3wLb5Z0AA%2FyHhoZiyXHxbk%2Bo0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141cc85e0afa-OSL
alt-svc: h3=":443"; ma=86400

ofsnivyan.com/zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=807547401706680837&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=8d83f602-b00c-4cb0-869b-9f32a4d6a588&action=prerequest

104.21.90.194

200 OK

0 B

URL POST HTTP/3
ofsnivyan.com/zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=807547401706680837&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=8d83f602-b00c-4cb0-869b-9f32a4d6a588&action=prerequest
IP
104.21.90.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ofsnivyan.com/system-message/59/?z=5369052&var=807547401706680837
Certificate
IssuerGoogle Trust Services LLC
Subjectofsnivyan.com
FingerprintE2:64:70:52:E2:73:D1:AD:67:D5:B8:63:A0:56:8D:C0:83:9D:EA:38
ValidityThu, 21 Mar 2024 20:34:04 GMT - Wed, 19 Jun 2024 20:34:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7250650&is_mobile=false&domain=ofsnivyan.com&var=5369052&ymid=807547401706680837&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=8d83f602-b00c-4cb0-869b-9f32a4d6a588&action=prerequest HTTP/1.1
Host: ofsnivyan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ofsnivyan.com
DNT: 1
Connection: keep-alive
Referer: https://ofsnivyan.com/system-message/59?z=5369052&var=807547401706680837
Cookie: OAID=ywi5z2n4rkj0m3cuq3elnzpt122fxk; syncedCookie=true; oaidts=1714097868
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/3 200 OK
date: Fri, 26 Apr 2024 02:17:48 GMT
content-length: 0
x-trace-id: 9aac154ac176ac4ecea0fac24ff14b22
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ofsnivyan.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2GWadDNCJYxJnK64bbIjM1lRgAFJVLNhS8Kyh5yADC73eQUkUpyFFd%2Fe%2B%2Br0blYHDtymmzU0bpEA1YFPyVciKroKyVms7Egw9dcjlcxsMK3MbrcgLSfmNg3goInREh6T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3141d78830afa-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML