Report - anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670

Report Overview

Visited public
2023-11-20 21:18:13
Tags
Submit Tags
URL
anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Finishing URL
nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
IP / ASN
35.157.125.133
#16509 AMAZON-02
Title
Nowtofun

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zeniocloud.com	unknown	2022-02-15	2022-02-16 16:44:21	2023-11-20 03:21:39	413 B	565 B	209.95.52.178
alexatracker.com	unknown	2020-07-27	2020-10-28 19:44:06	2023-11-20 03:21:39	452 B	1.2 kB	104.21.85.99
static.production.push-sender.com	unknown	2023-04-06	2023-06-07 13:46:37	2023-11-20 05:10:37	1.3 kB	56 kB	143.204.55.81
anamera-cletting.com	unknown	2021-04-21	2021-05-13 11:29:43	2023-11-20 07:36:06	573 B	1.6 kB	35.157.125.133
nowtofun.com	unknown	2023-08-08	2023-08-08 14:57:30	2023-11-20 08:35:24	8.1 kB	526 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed
2023-11-20	medium	nowtofun.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670	ScriptElement	0 B	0001-01-01	2025-06-30
Pretty URL nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-30 21:22 Times Seen5218313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nowtofun.com/aff_us/12-344543/js/script.js	ScriptElement	405 B	2023-03-07	2025-06-30
Pretty URL nowtofun.com/aff_us/12-344543/js/script.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:08 Last Seen2025-06-30 12:22 Times Seen47 Hash 205aac8cb0aef56cf426e9d81f4a0b9a a4c5a12cfaf5595cde641d02a42fc2f3068303a8 d7db9dc61be756abceba2fb80125dd927daf6532eb85318bdf698dd0dc40390e Loading...

	alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid=	ScriptElement	0 B	0001-01-01	2025-06-30
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid= IP 104.21.85.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-30 21:22 Times Seen5218313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173	ScriptElement	27 kB	2023-10-09	2024-08-21
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173 IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-09 13:35 Last Seen2024-08-21 05:04 Times Seen369 Hash 4b4fda376012aff7417b10111fa3a5c6 dda88eefdb0df10b88d99b83741a719ecb91b852 c1ada291136f1effde0f220c390cd332d7202d229f3f64b35f11aaa822c7fdfd Loading...

	static.production.push-sender.com/mng/subs_window.js?ver=1691555173	ScriptElement	20 kB	2023-08-10	2025-06-23
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1691555173 IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34 Last Seen2025-06-23 18:00 Times Seen668 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

	nowtofun.com/aff_us/12-344543/js/jquery.min.js?1	ScriptElement	88 kB	2023-03-07	2024-09-20
Pretty URL nowtofun.com/aff_us/12-344543/js/jquery.min.js?1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:08 Last Seen2024-09-20 20:13 Times Seen30 Hash 7ccf55ef7ecb1f9a8b24318d9b825702 c0a58f84600e7afa56ef5f86ae7974fd1b8182a0 08118dcf553740c290d31bac14e3dfbc4c44aaf0867947c8929a3b45789ac308 Loading...

	nowtofun.com/aff_us/12-344543/js/backoffer.js	ScriptElement	430 B	2023-03-07	2025-06-23
Pretty URL nowtofun.com/aff_us/12-344543/js/backoffer.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-23 18:00 Times Seen1554 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

	nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670	ScriptElement	0 B	0001-01-01	2025-06-30
Pretty URL nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-30 21:22 Times Seen5218313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	zeniocloud.com/JAIA.js?sub1=nowtofun.com	ScriptElement	597 B	2023-08-27	2025-05-07
Pretty URL zeniocloud.com/JAIA.js?sub1=nowtofun.com IP 209.95.52.178 ASN #32780 HOSTINGSERVICES-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-27 08:21 Last Seen2025-05-07 11:54 Times Seen249 Hash 959d648ab6e2ce8f043e794eca775463 710d269f9f66ac8f540388ecd7f1e60f20a688e2 9dd1651b3abf11bc5c73186e859083e8f107128d4668bcd12233784ee6228e51 Loading...

HTTP Transactions (14)

URL IP Response Size

GET anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670

35.157.125.133

302 Found

0 B

URL User Request GET HTTP/2
anamera-cletting.com/6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
IP
35.157.125.133:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectanamera-cletting.com
Fingerprint96:C1:33:6F:E0:CF:84:E0:18:93:6A:5F:C3:F5:86:46:40:3A:06:D3
ValidityFri, 10 Nov 2023 06:58:38 GMT - Thu, 08 Feb 2024 06:58:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /6b06c5a0-3113-470a-b469-29fa5c621f3d?campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 HTTP/1.1
Host: anamera-cletting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 20 Nov 2023 21:17:55 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
pragma: no-cache
set-cookie: 6b06c5a0-3113-470a-b469-29fa5c621f3d-v4=4MAKfIx0Mog-i2Bo1NHZB0vE5JeKTwqNk1XddcG4Yqc; Max-Age=86400; Expires=Tue, 21-Nov-2023 21:17:55 GMT; Domain=anamera-cletting.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=0tx0B5p0kS21yXDm-91OOEd9bVZXHFAuA_-m2e60YpjXrcrD19gZtKUT3FE4RKMwdghoQVQMP3UUTTAlsAxv3eM6I_hxcBU2IIOThP25kn839Abweu__szIS48B3fAWPFnsqlfm8fgQCUzZv_mO96KwvJH77jVE0Qd5txZSouFGu_ot4ZH2zucXUMVyWF2cN7lZ4pcAMo3TJGbTWf7zbLlKHXUehEA83DFnU4q9Bd-E684akz2XrFEpJGWTFXzWf24f88341yLyhP1kNzEy5mUj2_l_96eFZgxCm7sot4GjnuTYckMPtZ6NILyQz0_hMNDxERHgOsWJSZ-TbdPmgm7uG9XDS8SoMrqWr7XfG_oYBg7vNQGsKZCXwEXsxPcvHblD7WqWVx7Y2NWEoHIXPitldNWYKt-PUcUmJScdDgPyICodjhphGQm6nXEtlaSQ4; Max-Age=86400; Expires=Tue, 21-Nov-2023 21:17:55 GMT; Domain=anamera-cletting.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

GET nowtofun.com/aff_us/12-344543/images/sf-logo2.png

188.114.96.1

200 OK

8.8 kB

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/images/sf-logo2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
PNG image data, 345 x 65, 8-bit/color RGB, non-interlaced\012- data
Size
8.8 kB (8815 bytes)
Hash
44a33b084a76c60c68ac7b70f9df09c3
14f57b239769515ff8c2487ec470a8308c1cc48f
7329440d8770984e86ea71bcfe2e1dd6451d23dce2f5efd3e298d9f77954335a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/images/sf-logo2.png HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: image/png
content-length: 8815
last-modified: Wed, 30 Jun 2021 12:19:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDocJhr%2B%2B%2BqkImXWaIYDrOEWgPX7U6KOLb1X7xpWTuU3HtTvuYUwh%2BtxVEupEqD703k18AeD%2FvgclZM8AnOF1SSyYRtMaL54jZ98IMiq%2FDfWXHaH4T0lIi%2F76DJuoDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c1856af-OSL
alt-svc: h3=":443"; ma=86400

GET zeniocloud.com/JAIA.js?sub1=nowtofun.com

209.95.52.178

332 B

URL GET
zeniocloud.com/JAIA.js?sub1=nowtofun.com
IP
209.95.52.178:0
ASN
#32780 HOSTINGSERVICES-INC

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerLet's Encrypt
Subjectzeniocloud.com
Fingerprint1E:2E:97:0E:01:E6:40:71:15:D2:13:94:12:5D:05:94:76:7B:D6:A0
ValidityTue, 07 Nov 2023 06:46:31 GMT - Mon, 05 Feb 2024 06:46:30 GMT

File type
ASCII text
Size
332 B (332 bytes)
Hash
959d648ab6e2ce8f043e794eca775463
710d269f9f66ac8f540388ecd7f1e60f20a688e2
9dd1651b3abf11bc5c73186e859083e8f107128d4668bcd12233784ee6228e51

HTTP Headers

GET /JAIA.js?sub1=nowtofun.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 20 Nov 2023 21:17:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

GET nowtofun.com/aff_us/12-344543/images/3.webm

188.114.96.1

206 Partial Content

374 kB

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/images/3.webm
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
WebM\012- EBML file, creator webmB\20\012- data
Size
374 kB (374435 bytes)
Hash
10cf22295db16bc31dc7032d49ae837d
1e1df6a2622177b434550b41ab5e3d0bc7cbaa66
592006cadbe2dd28b0fa23e187e60555859d1788ff6a7f7d2c0d3b2e69ff9c4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/images/3.webm HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: video/webm
content-length: 374435
last-modified: Wed, 30 Jun 2021 12:19:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
content-range: bytes 0-374434/374435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsgFv6VPExYRj65eYD2oV4NtEbv8g%2BU5sxEOOyIvsShSrAfhpS0xvk%2BR7FUnlkjSu3%2F9Y2gZiY0PWInxD0ioBcQ9yuhViT8QxS%2FpJ4BtcN4alQiwQcX2rYUmiAOLZSs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b905593f56af-OSL
alt-svc: h3=":443"; ma=86400

GET alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid=

104.21.85.99

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
104.21.85.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint4A:99:09:41:69:BD:24:82:CB:FB:C5:06:69:E3:4B:A8:DB:8E:C6:52
ValidityTue, 26 Sep 2023 06:49:24 GMT - Mon, 25 Dec 2023 06:49:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=nowtofun.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Nov 2023 21:17:58 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
accept-ranges: bytes
set-cookie: trbarid=a6d4886dec657a29c9b44aa2754f7d3b1f90aa618a4022dc538f7bb832bdf96da%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A1975896966036180230%3B%7D; expires=Mon, 24-Nov-2025 21:17:58 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
__cf_bm=3szL8VuNdy4q_JHrwa3um_iHpt8.l1FemHzTQtplCyk-1700515078-0-AYdYiUpp8ohmOtOaIp7RZ1iiXO+KqqftFnb6D9ZxYTirWMcacRjIWlcKmefM1VEJD7YEUmss/FsTXW+da9Wj6T8=; path=/; expires=Mon, 20-Nov-23 21:47:58 GMT; domain=.alexatracker.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0C17b%2FZf81fpVMGDBnZjcC3pvSQrqklhwXEWVU1Vf%2F%2BBCF911mKPmfksQl4ZjswseJSBVdQ23gQP7m8ohqK16i6BTX8G4%2BTV7EXB6PyLnfAX0Do%2BKvB6o8Uq4cVH2c7nSgg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b90508cb56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nowtofun.com/aff_us/12-344543/images/fav.png

188.114.96.1

200 OK

40 kB

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/images/fav.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
PNG image data, 180 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size
40 kB (40381 bytes)
Hash
d247464194e7c924f627837b571d7ef0
20f5d082cb19e5a55d5d62fb26ca160828af95df
c461948d7b5c6dc1988ecee4f4a618595ebc26fa9923f29f680d2772db09a775

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/images/fav.png HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:58 GMT
content-type: image/png
content-length: 40381
last-modified: Tue, 15 Aug 2023 12:15:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohoi4FeNLU10u4%2FieybsbezAStwhPz%2B%2FPvGGSp%2Fgm0C4%2B9pKKDjArbkNDTIaJGKYGJnaikSg3URjauZy3Mi0XyRj9fPY0phGrmXDis%2FkaDtbsgNjnSX%2BqiSIA5wgeB4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9068a6056af-OSL
alt-svc: h3=":443"; ma=86400

GET nowtofun.com/aff_us/12-344543/css/style.css

188.114.96.1

200 OK

2.9 kB

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
ASCII text, with very long lines (2973), with no line terminators
Size
2.9 kB (2854 bytes)
Hash
3699b9bec7b9ca6c9c389d1c4eead445
1a1e6245c7c6c4f86e0d84231a07fb75d30936a1
2190565ec924d8ec4eb9e4784249dcde7b79c66356ad80848089ff240efda93d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/css/style.css HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: text/css
last-modified: Wed, 30 Jun 2021 12:19:36 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WH7SktUZASC6ud%2BcEuJ%2FnPXW2JFhDvRG1aE%2F0EF5szLnz02s0wPc3CE3mv8tC2u%2FT1dGCD0BK78vEp%2FedRr9Bva31qJhAeyA7Oene9b2CB86UL8CZpr6e8HY2wEWxjI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9004c1256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nowtofun.com/aff_us/12-344543/js/backoffer.js

188.114.96.1

200 OK

430 B

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/js/backoffer.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/js/backoffer.js HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Wed, 30 Jun 2021 12:19:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJkYk6bJuS%2Bjl2VQtNMuSd2Vkfmn8fsbvT%2FHPYd5bkaL1%2BkelAZuOWjSBNCy4elk28sAF9cv5Yymurb%2Bpdb16zF7NxqhYrNKh3XWcSpbmAnz4Ndz%2F8ytZkWDtVWHNKc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c2456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670

188.114.96.1

200 OK

5.4 kB

URL User Request GET HTTP/2
nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5755), with no line terminators
Size
5.4 kB (5382 bytes)
Hash
6b80acd32025acbc9dbe62d39adda20f
5906be9eeb676e143ae0281b2c447ffbabe53610
3c5c6ae29e90258de7ba2c0fdabf89c68d707eb47a1ac54f29c046b03d5e417e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670 HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Nov 2023 21:17:56 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jM%2Faf2l0%2B9HF%2BJVI3s6GkZXvCNo%2F2C8RocWl%2B6ApMMZFOxP5SU6oeFzAYEudagq8sdDpq03voiD6fEyavw83wzzrTdwWKPCi6yN3wRMdhBVZDWftw%2F4jhUzkNg2QjiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b8f8dfdcb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET static.production.push-sender.com/mng/subs_window.css?ver=1691555173

143.204.55.81

200 OK

7.1 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1691555173
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
Fingerprint7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
ValidityMon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Size
7.1 kB (7130 bytes)
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

HTTP Headers

GET /mng/subs_window.css?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
date: Sun, 19 Nov 2023 21:31:20 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tBzHxxj8Ax844o00LM6frupykTHJ--IGBZ80D1Ee5cLPoH4uVhYE1g==
age: 85598
X-Firefox-Spdy: h2

GET nowtofun.com/aff_us/12-344543/js/script.js

188.114.96.1

200 OK

405 B

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
ASCII text, with very long lines (441), with no line terminators
Size
405 B (405 bytes)
Hash
16def3cf8b5125aff38ae24be9f13351
9625f62a090aa993c8aee252fa8111af33198478
f57f7c42c739c951f7e010818553aaa1b2e37a681de672246ae43f2805e57839

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/js/script.js HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Wed, 30 Jun 2021 12:19:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q37d6ru6JfCXmZVzV3EaSpnV%2BxD6i1EGoN2Bd25BpDM%2FLPjFkW2anL0OM03jEW5SGxeGcscHqcSqClvBdjRCnbbdEhx5%2FiU4ptMbu4vN5UTgfOQmw55iDVXagMueE3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c2356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET static.production.push-sender.com/mng/subs_window.js?ver=1691555173

143.204.55.81

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1691555173
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
Fingerprint7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
ValidityMon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 20 Nov 2023 01:36:54 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UPPh02KllyWh2AcUuK4nAvpFwVTjGrUAC9snsAFE99uPLAM2JzNfwg==
age: 71905
X-Firefox-Spdy: h2

GET static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173

143.204.55.81

200 OK

27 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1691555173
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
Fingerprint7D:DE:F0:A4:F1:90:8E:A4:04:C1:E0:62:0D:05:EB:54:29:89:C9:C8
ValidityMon, 17 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT

File type
ASCII text
Size
27 kB (27119 bytes)
Hash
4b4fda376012aff7417b10111fa3a5c6
dda88eefdb0df10b88d99b83741a719ecb91b852
c1ada291136f1effde0f220c390cd332d7202d229f3f64b35f11aaa822c7fdfd

HTTP Headers

GET /mng/channels/init.min.js?ver=1691555173 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowtofun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 14:33:38 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 20 Nov 2023 10:17:10 GMT
etag: W/"4b4fda376012aff7417b10111fa3a5c6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nv3fnxC60uuugMCKsM8oEdk-Eo66s8Lj7RSwi5DiADCNMfMijblyNA==
age: 39675
X-Firefox-Spdy: h2

GET nowtofun.com/aff_us/12-344543/js/jquery.min.js?1

188.114.96.1

200 OK

88 kB

URL GET HTTP/3
nowtofun.com/aff_us/12-344543/js/jquery.min.js?1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
Certificate
IssuerGoogle Trust Services LLC
Subjectnowtofun.com
FingerprintB4:ED:D9:C1:7B:7B:08:79:7F:57:68:89:94:51:11:E1:3E:4B:D6:D8
ValidityFri, 06 Oct 2023 14:30:36 GMT - Thu, 04 Jan 2024 14:30:35 GMT

File type
ASCII text, with very long lines (32014)
Size
88 kB (88183 bytes)
Hash
7ccf55ef7ecb1f9a8b24318d9b825702
c0a58f84600e7afa56ef5f86ae7974fd1b8182a0
08118dcf553740c290d31bac14e3dfbc4c44aaf0867947c8929a3b45789ac308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aff_us/12-344543/js/jquery.min.js?1 HTTP/1.1
Host: nowtofun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowtofun.com/aff_us/12-344543/?cep=1ZqoPhpdbx3SHSGbazGrqPbSDT1iD5I1yFY35Dpc9sfF1xB0p-NzvYP_yP69gFSMKf6tH5tag_uVothAymVNHiHz1Xjip1x2sznpa3VdJBfvB4XMQnw1dSSI_RkWZpHnes8UMFFDrpQf0skDfgZjujgbIdYcgZXC5Vyh67PWreeSNczToWmbjCGjn_NbDk7VGp-djZnOaeS_ladKvBuYxNxJNJy7RmJImqJiOBkdDrHLs7mRAhYAm-SYsry4IIrIrTql3zfSURFBz4VwOloHRRrPkNlheemaNdipU2giEmhP14O5IkxLdxQpH9Ka1Nvq0mE2LiJiVqKGToTa_zmM2g09k_PFC_wuqgCJ8-GfLVcoEB2u1m_qkHhR5FdQvWGc40k9IgvU2m3HUMCaLqoccJFsq91K8CtLLw1JNJBDVQRp1q_EBFMaV5g3CYEwHGaR&lptoken=1721003351d2688875c8&campaign=&clickid=655bccf2e635ef00017b323c&pid=273&var6=670
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:17:57 GMT
content-type: application/javascript
last-modified: Thu, 17 Mar 2022 12:23:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ta%2B%2BfFJ0%2BXS%2F4dHqCrpNYt1tNs%2BTpTSDgT2L4HPaX5QGgY%2BBuxF8GxKgUN2l%2FRDGaKD%2F9WUSa9MCl0ak5O56Mc85f1aDWv0AJ5gYLsK3M%2FlOQ66VcEykEKqIzdFF%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8293b9005c1f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/2

IP

ASN