anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
35.157.125.133
302 Found
0
URL
User Request
GET
HTTP/2
anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
IP
35.157.125.133:443
Certificate
Issuer: Let's Encrypt
Subject: anamera-cletting.com
Fingerprint: 96:C1:33:6F:E0:CF:84:E0:18:93:6A:5F:C3:F5:86:46:40:3A:06:D3
Validity: Fri, 10 Nov 2023 06:58:38 GMT - Thu, 08 Feb 2024 06:58:37 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 HTTP/1.1
Host: anamera-cletting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 20 Nov 2023 21:17:55 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
pragma: no-cache
set-cookie: 6b06c5a0-3113-470a-b469-29fa5c621f3d-v4=4MAKfIx0Mog-i2Bo1NHZB0vE5JeKTwqNk1XddcG4Yqc; Max-Age=86400; Expires=Tue, 21-Nov-2023 21:17:55 GMT; Domain=anamera-cletting.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=0tx0B5p0kS21yXDm-91OOEd9bVZXHFAuA_-m2e60YpjXrcrD19gZtKUT3FE4RKMwdghoQVQMP3UUTTAlsAxv3eM6I_hxcBU2IIOThP25kn839Abweu__szIS48B3fAWPFnsqlfm8fgQCUzZv_mO96KwvJH77jVE0Qd5txZSouFGu_ot4ZH2zucXUMVyWF2cN7lZ4pcAMo3TJGbTWf7zbLlKHXUehEA83DFnU4q9Bd-E684akz2XrFEpJGWTFXzWf24f88341yLyhP1kNzEy5mUj2_l_96eFZgxCm7sot4GjnuTYckMPtZ6NILyQz0_hMNDxERHgOsWJSZ-TbdPmgm7uG9XDS8SoMrqWr7XfG_oYBg7vNQGsKZCXwEXsxPcvHblD7WqWVx7Y2NWEoHIXPitldNWYKt-PUcUmJScdDgPyICodjhphGQm6nXEtlaSQ4; Max-Age=86400; Expires=Tue, 21-Nov-2023 21:17:55 GMT; Domain=anamera-cletting.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
nowtofun.com/aff_us/12-344543/images/sf-logo2.png
188.114.96.1
200 OK
8815
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/images/sf-logo2.png
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
PNG image data, 345 x 65, 8-bit/color RGB, non-interlaced\012- data
Hash
44a33b084a76c60c68ac7b70f9df09c3
14f57b239769515ff8c2487ec470a8308c1cc48f
7329440d8770984e86ea71bcfe2e1dd6451d23dce2f5efd3e298d9f77954335a
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/images/sf-logo2.png HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: image/png
content-length: 8815
last-modified: Wed, 30 Jun 2021 12:19:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDocJhr%2B%2B%2BqkImXWaIYDrOEWgPX7U6KOLb1X7xpWTuU3HtTvuYUwh%2BtxVEupEqD703k18AeD%2FvgclZM8AnOF1SSyYRtMaL54jZ98IMiq%2FDfWXHaH4T0lIi%2F76DJuoDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c1856af-OSL
alt-svc: h3=":443"; ma=86400
zeniocloud.com/JAIA.js?sub1=nowtofun.com
209.95.52.178
332
URL
GET
zeniocloud.com/JAIA.js?sub1=nowtofun.com
IP
209.95.52.178:0
ASN
#32780 HOSTINGSERVICES-INC
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Let's Encrypt
Subject: zeniocloud.com
Fingerprint: 1E:2E:97:0E:01:E6:40:71:15:D2:13:94:12:5D:05:94:76:7B:D6:A0
Validity: Tue, 07 Nov 2023 06:46:31 GMT - Mon, 05 Feb 2024 06:46:30 GMT
Hash
959d648ab6e2ce8f043e794eca775463
710d269f9f66ac8f540388ecd7f1e60f20a688e2
9dd1651b3abf11bc5c73186e859083e8f107128d4668bcd12233784ee6228e51
GET /JAIA.js?sub1=nowtofun.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 20 Nov 2023 21:17:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
nowtofun.com/aff_us/12-344543/images/3.webm
188.114.96.1
206 Partial Content
374435
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/images/3.webm
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
WebM\012- EBML file, creator webmB\20\012- data
Hash
10cf22295db16bc31dc7032d49ae837d
1e1df6a2622177b434550b41ab5e3d0bc7cbaa66
592006cadbe2dd28b0fa23e187e60555859d1788ff6a7f7d2c0d3b2e69ff9c4e
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/images/3.webm HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: video/webm
content-length: 374435
last-modified: Wed, 30 Jun 2021 12:19:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
content-range: bytes 0-374434/374435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsgFv6VPExYRj65eYD2oV4NtEbv8g%2BU5sxEOOyIvsShSrAfhpS0xvk%2BR7FUnlkjSu3%2F9Y2gZiY0PWInxD0ioBcQ9yuhViT8QxS%2FpJ4BtcN4alQiwQcX2rYUmiAOLZSs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b905593f56af-OSL
alt-svc: h3=":443"; ma=86400
alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid=
104.21.85.99
200 OK
0
URL
GET
HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
104.21.85.99:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: alexatracker.com
Fingerprint: 4A:99:09:41:69:BD:24:82:CB:FB:C5:06:69:E3:4B:A8:DB:8E:C6:52
Validity: Tue, 26 Sep 2023 06:49:24 GMT - Mon, 25 Dec 2023 06:49:23 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 20 Nov 2023 21:17:58 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
accept-ranges: bytes
set-cookie: trbarid=a6d4886dec657a29c9b44aa2754f7d3b1f90aa618a4022dc538f7bb832bdf96da%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A1975896966036180230%3B%7D; expires=Mon, 24-Nov-2025 21:17:58 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
__cf_bm=3szL8VuNdy4q_JHrwa3um_iHpt8.l1FemHzTQtplCyk-1700515078-0-AYdYiUpp8ohmOtOaIp7RZ1iiXO+KqqftFnb6D9ZxYTirWMcacRjIWlcKmefM1VEJD7YEUmss/FsTXW+da9Wj6T8=; path=/; expires=Mon, 20-Nov-23 21:47:58 GMT; domain=.alexatracker.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0C17b%2FZf81fpVMGDBnZjcC3pvSQrqklhwXEWVU1Vf%2F%2BBCF911mKPmfksQl4ZjswseJSBVdQ23gQP7m8ohqK16i6BTX8G4%2BTV7EXB6PyLnfAX0Do%2BKvB6o8Uq4cVH2c7nSgg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b90508cb56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nowtofun.com/aff_us/12-344543/images/fav.png
188.114.96.1
200 OK
40381
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/images/fav.png
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
PNG image data, 180 x 158, 8-bit/color RGBA, non-interlaced\012- data
Hash
d247464194e7c924f627837b571d7ef0
20f5d082cb19e5a55d5d62fb26ca160828af95df
c461948d7b5c6dc1988ecee4f4a618595ebc26fa9923f29f680d2772db09a775
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/images/fav.png HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:58 GMT
content-type: image/png
content-length: 40381
last-modified: Tue, 15 Aug 2023 12:15:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohoi4FeNLU10u4%2FieybsbezAStwhPz%2B%2FPvGGSp%2Fgm0C4%2B9pKKDjArbkNDTIaJGKYGJnaikSg3URjauZy3Mi0XyRj9fPY0phGrmXDis%2FkaDtbsgNjnSX%2BqiSIA5wgeB4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9068a6056af-OSL
alt-svc: h3=":443"; ma=86400
nowtofun.com/aff_us/12-344543/css/style.css
188.114.96.1
200 OK
2854
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/css/style.css
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
ASCII text, with very long lines (2973), with no line terminators
Hash
3699b9bec7b9ca6c9c389d1c4eead445
1a1e6245c7c6c4f86e0d84231a07fb75d30936a1
2190565ec924d8ec4eb9e4784249dcde7b79c66356ad80848089ff240efda93d
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/css/style.css HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: text/css
last-modified: Wed, 30 Jun 2021 12:19:36 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WH7SktUZASC6ud%2BcEuJ%2FnPXW2JFhDvRG1aE%2F0EF5szLnz02s0wPc3CE3mv8tC2u%2FT1dGCD0BK78vEp%2FedRr9Bva31qJhAeyA7Oene9b2CB86UL8CZpr6e8HY2wEWxjI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9004c1256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
nowtofun.com/aff_us/12-344543/js/backoffer.js
188.114.96.1
200 OK
430
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/js/backoffer.js
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
ASCII text, with very long lines (430), with no line terminators
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/js/backoffer.js HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Wed, 30 Jun 2021 12:19:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJkYk6bJuS%2Bjl2VQtNMuSd2Vkfmn8fsbvT%2FHPYd5bkaL1%2BkelAZuOWjSBNCy4elk28sAF9cv5Yymurb%2Bpdb16zF7NxqhYrNKh3XWcSpbmAnz4Ndz%2F8ytZkWDtVWHNKc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c2456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
188.114.96.1
200 OK
5382
URL
User Request
GET
HTTP/2
nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
IP
188.114.96.1:443
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5755), with no line terminators
Hash
6b80acd32025acbc9dbe62d39adda20f
5906be9eeb676e143ae0281b2c447ffbabe53610
3c5c6ae29e90258de7ba2c0fdabf89c68d707eb47a1ac54f29c046b03d5e417e
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 20 Nov 2023 21:17:56 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jM%2Faf2l0%2B9HF%2BJVI3s6GkZXvCNo%2F2C8RocWl%2B6ApMMZFOxP5SU6oeFzAYEudagq8sdDpq03voiD6fEyavw83wzzrTdwWKPCi6yN3wRMdhBVZDWftw%2F4jhUzkNg2QjiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b8f8dfdcb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.production.push-sender.com/mng/subs_window.css?ver=1691555173
143.204.55.81
200 OK
7130
URL
GET
HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1691555173
IP
143.204.55.81:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Amazon
Subject: production.push-sender.com
Fingerprint: 7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
Validity: Mon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT
Magic
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968
GET /mng/subs_window.css?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
date: Sun, 19 Nov 2023 21:31:20 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tBzHxxj8Ax844o00LM6frupykTHJ--IGBZ80D1Ee5cLPoH4uVhYE1g==
age: 85598
X-Firefox-Spdy: h2
nowtofun.com/aff_us/12-344543/js/script.js
188.114.96.1
200 OK
405
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/js/script.js
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
ASCII text, with very long lines (441), with no line terminators
Hash
16def3cf8b5125aff38ae24be9f13351
9625f62a090aa993c8aee252fa8111af33198478
f57f7c42c739c951f7e010818553aaa1b2e37a681de672246ae43f2805e57839
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/js/script.js HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Wed, 30 Jun 2021 12:19:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q37d6ru6JfCXmZVzV3EaSpnV%2BxD6i1EGoN2Bd25BpDM%2FLPjFkW2anL0OM03jEW5SGxeGcscHqcSqClvBdjRCnbbdEhx5%2FiU4ptMbu4vN5UTgfOQmw55iDVXagMueE3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c2356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
static.production.push-sender.com/mng/subs_window.js?ver=1691555173
143.204.55.81
200 OK
19706
URL
GET
HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1691555173
IP
143.204.55.81:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Amazon
Subject: production.push-sender.com
Fingerprint: 7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
Validity: Mon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mng/subs_window.js?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 20 Nov 2023 01:36:54 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UPPh02KllyWh2AcUuK4nAvpFwVTjGrUAC9snsAFE99uPLAM2JzNfwg==
age: 71905
X-Firefox-Spdy: h2
static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173
143.204.55.81
200 OK
27119
URL
GET
HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173
IP
143.204.55.81:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Amazon
Subject: production.push-sender.com
Fingerprint: 7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
Validity: Mon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT
Hash
4b4fda376012aff7417b10111fa3a5c6
dda88eefdb0df10b88d99b83741a719ecb91b852
c1ada291136f1effde0f220c390cd332d7202d229f3f64b35f11aaa822c7fdfd
GET /mng/channels/init.min.js?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 20 Nov 2023 10:17:10 GMT
etag: W/"4b4fda376012aff7417b10111fa3a5c6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nv3fnxC60uuugMCKsM8oEdk-Eo66s8Lj7RSwi5DiADCNMfMijblyNA==
age: 39675
X-Firefox-Spdy: h2
nowtofun.com/aff_us/12-344543/js/jquery.min.js?1
188.114.96.1
200 OK
88183
URL
GET
HTTP/3
nowtofun.com/aff_us/12-344543/js/jquery.min.js?1
IP
188.114.96.1:443
Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
Issuer: Google Trust Services LLC
Subject: nowtofun.com
Fingerprint: B4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
Validity: Fri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT
Magic
ASCII text, with very long lines (32014)
Hash
7ccf55ef7ecb1f9a8b24318d9b825702
c0a58f84600e7afa56ef5f86ae7974fd1b8182a0
08118dcf553740c290d31bac14e3dfbc4c44aaf0867947c8929a3b45789ac308
Analyzer
Verdict
Alert
Quad9 DNS
malicious
Sinkholed
GET /aff_us/12-344543/js/jquery.min.js?1 HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Thu, 17 Mar 2022 12:23:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ta%2B%2BfFJ0%2BXS%2F4dHqCrpNYt1tNs%2BTpTSDgT2L4HPaX5QGgY%2BBuxF8GxKgUN2l%2FRDGaKD%2F9WUSa9MCl0ak5O56Mc85f1aDWv0AJ5gYLsK3M%2FlOQ66VcEykEKqIzdFF%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c1f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400