| goo.su/vjEN | 104.21.38.221 | 301 Moved Permanently | 171 B |
URL: goo.su/vjEN (user request) — GET HTTP/1.1 — IP: 104.21.38.221:80. Note: this first hop is plaintext HTTP on port 80; the goosu_session cookie in the request below travels in the clear before the 301 redirects the browser to https://goo.su/vjEN.
File type: HTML document, ASCII text. Hashes (MD5 / SHA-1 / SHA-256): b4d53c96890ca204f96f30212a8146fd / af6fbcfc6e858c48e84b19c262b2ed0cbff2f4cf / e7d83cb9a48d133238f4b0a1d469c20382d2402e070e7f8901774a1cecc9f256
Analyzer: OpenPhish — Verdict: phishing — Alert: Apple Inc. (presumably the brand label attached to the OpenPhish match). Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed.
GET /vjEN HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: goosu_session=eyJpdiI6InJRZ3VEWHFBVzltK2F2MUp6TStxS0E9PSIsInZhbHVlIjoiSExjMVJ0cExxUVJwOXYzNVZEelBJK3V0dTRCYVJScTFQclN5UlhSdGxBV3pleS8wYmUwdkd5Ny9ZTFdUQTV1Y21Ja0VVNURMTDk5SkRTcDVTa3V1UE4wQkZJTFF6eEl3Z01uNEU0d3R6WC9IMDZRNXltOHNhTUo4STdlQjM2SnYiLCJtYWMiOiI5MDQ0ZTE0MjEwMzkwNTRhNjhjZDMyYzkyNGVkNWJiNWM1YjhhYjhiODVmMjA5MjQ2MjljMmJhNzA0ZDQxM2U2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 17 Apr 2024 19:56:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goo.su/vjEN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6W1J%2FaIXWfNirC8%2BSLoja5Nh7prDlbBsBjT0tu0VJOrfEv44jmBD5LuonPP5UjTBSX4YpJllX1ncVJsHmMoiSu0BXIILL0m8x1q7sHtmeKN2hwOnRD1pac0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 875efa116cda5688-OSL
alt-svc: h3=":443"; ma=86400
| enduresopens.com/ttkXIvunodY/69489 | 23.109.170.155 | 200 OK | 25 B |
URL: enduresopens.com/ttkXIvunodY/69489 — GET HTTP/1.1 — IP: 23.109.170.155:443
Certificate — Issuer: Let's Encrypt; Subject: enduresopens.com; Fingerprint (SHA-1): C4:F1:82:55:01:80:DE:E4:BA:76:D0:1C:20:FC:58:30:9D:43:C0:2B; Validity: Mon, 25 Mar 2024 23:51:07 GMT – Sun, 23 Jun 2024 23:51:06 GMT
File type: ASCII text, with no line terminators. Hashes (MD5 / SHA-1 / SHA-256): f7a2939527fd9e68723da600e96d76bd / a9e717b6364d2895ee0a716050db32ca0ef1bb42 / d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed. Note: this is a third-party script pulled cross-site by the goo.su page (Sec-Fetch-Dest: script, Referer: https://goo.su/); the response allows credentialed CORS from https://goo.su, whitelists an unusual request header name (megageocheckolololo), drops two SameSite=None cookies and sends Strict-Transport-Security with max-age=1 — treat the domain as an indicator in its own right, separate from goo.su.
GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 19:56:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 18-Apr-2024 19:56:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 18-Apr-2024 19:56:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
| www.googletagmanager.com/gtag/js?id=UA-144661405-1 | 142.250.74.72 | 200 OK | 73 kB |
URL: www.googletagmanager.com/gtag/js?id=UA-144661405-1 — GET HTTP/2 — IP: 142.250.74.72:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint (SHA-1): BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT – Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179). Hashes (MD5 / SHA-1 / SHA-256): a605cb6a851de48682ef5b60269ff373 / a4599fc3ae6de88c3fc23b615e813eb1fca8d778 / da7dec8203521698f84f46dfd26fe0ab6f38af6132a850617e6af26bd078320f
GET /gtag/js?id=UA-144661405-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 19:56:10 GMT
expires: Wed, 17 Apr 2024 19:56:10 GMT
cache-control: private, max-age=900
last-modified: Wed, 17 Apr 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73015
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.38.221 | 302 Found | 0 B |
URL: goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js — GET HTTP/3 — IP: 104.21.38.221:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint (SHA-1): DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT – Sun, 30 Jun 2024 06:02:26 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — these are the digests of empty input, consistent with the content-length: 0 redirect below; they are not usable as file indicators.
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed (the verdict is on the goo.su domain; this path is served by Cloudflare's challenge platform, see server: cloudflare).
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imk3YTg0YVhsN256K3o1MGdQb29Jbmc9PSIsInZhbHVlIjoiVVhtbnE1bVlsSXUzeWVIVDhubUNuLyswVUtKcW9MT24ydlB4OWJmRHVabDU2YjI1c2lBZUF1bU1Ublk3YUI5TjljQW81Z3JvVHR2bkQvNTlJZHJYcHI5a1Rkc0NGanA0RSswUDE3Wi9vY0VrN1JhaUQva05BZ3IzTmhWeGxLbXQiLCJtYWMiOiIyNDE5ZDY4MGZlYTc2ODE4YWIzYTgwNTk4OTI2NWJlM2RhZTI5ZTZlZjY3ZTU5YjVlZTVmOGRjOTA2ODdhYjA3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Im1YaVFqOXYzQ3NMa2lzdDRZNFpEOWc9PSIsInZhbHVlIjoiUk9seGIzdHRJcmFuZ2xBdUl6TWNxVlUxbnZHajZVdFhvWVJKWVE4aXNKb3ZFUlVKQldWTDdsVzhpcUlYbHlLVDFEaVBKcTJvK1VjNEhTM2VTTUI5NFNYeVg1WlBvZ1JWc2tVMXRSclV1MUhhcnZrbGlwRHNWUHg0aW5kOURuWlQiLCJtYWMiOiIyMmIzMjQxNzhkMjFhN2JjN2Q3YzI3ZjUzOGNlYWE2Yzk2OGI0YmQ0ZGQxNDJhNjIyOGNmZDU0NzJlNDhhYjljIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 19:56:10 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JOUxKSiDAOpPFY4OFRGiobvAxTNrTVIJ%2BwzbGEjW88ZxbOZL%2BHz1mPu39QxqJHdZZblRuAobDe4YZoKz5EIm4QYRR4AwuNz17bVxFdR%2FJmLzFa6OOPz2YCU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875efa14cde45696-OSL
alt-svc: h3=":443"; ma=86400
| goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 104.21.38.221 | 200 OK | 4.2 kB |
URL: goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js — GET HTTP/3 — IP: 104.21.38.221:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint (SHA-1): DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT – Sun, 30 Jun 2024 06:02:26 GMT
File type: JavaScript source, ASCII text, with very long lines (7892), with no line terminators. Hashes (MD5 / SHA-1 / SHA-256): 22a99c93ac43a6eef084d7b8cf011adf / 52fd6b9be4ce4efe825419fa17efa135c41e49e5 / 5c2edf2ff7415170a85ca066579b3b57d33d66ead540b44e34bef7e067c436f5
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed (domain-level verdict on goo.su; the script itself is served from Cloudflare's challenge platform, server: cloudflare).
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imk3YTg0YVhsN256K3o1MGdQb29Jbmc9PSIsInZhbHVlIjoiVVhtbnE1bVlsSXUzeWVIVDhubUNuLyswVUtKcW9MT24ydlB4OWJmRHVabDU2YjI1c2lBZUF1bU1Ublk3YUI5TjljQW81Z3JvVHR2bkQvNTlJZHJYcHI5a1Rkc0NGanA0RSswUDE3Wi9vY0VrN1JhaUQva05BZ3IzTmhWeGxLbXQiLCJtYWMiOiIyNDE5ZDY4MGZlYTc2ODE4YWIzYTgwNTk4OTI2NWJlM2RhZTI5ZTZlZjY3ZTU5YjVlZTVmOGRjOTA2ODdhYjA3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Im1YaVFqOXYzQ3NMa2lzdDRZNFpEOWc9PSIsInZhbHVlIjoiUk9seGIzdHRJcmFuZ2xBdUl6TWNxVlUxbnZHajZVdFhvWVJKWVE4aXNKb3ZFUlVKQldWTDdsVzhpcUlYbHlLVDFEaVBKcTJvK1VjNEhTM2VTTUI5NFNYeVg1WlBvZ1JWc2tVMXRSclV1MUhhcnZrbGlwRHNWUHg0aW5kOURuWlQiLCJtYWMiOiIyMmIzMjQxNzhkMjFhN2JjN2Q3YzI3ZjUzOGNlYWE2Yzk2OGI0YmQ0ZGQxNDJhNjIyOGNmZDU0NzJlNDhhYjljIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:56:10 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTqVxbMZU%2F%2BO0nPHn%2Bk2Et5Q55PilaVtlmg1mrqnyf99RYnVoQgFVpC6CpPXri6muPTvz3DRv3Ub9jjRg9F1Q7IeeGSIIJjHcXU4EFfsxFmU%2Bggd0yHLL9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875efa14ee0c5696-OSL
alt-svc: h3=":443"; ma=86400
| fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 — GET HTTP/2 — IP: 216.58.207.227:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint (SHA-1): 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT – Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16292, version 1.0. Hashes (MD5 / SHA-1 / SHA-256): ce485a2bdee361bb271bd6d3ce1ee5cd / 4f9a446275d160cccd6666addee65f849c9c5a50 / 923963e0a56b84c4438f2359121e855e147a01a78a2591c471179cfc9bf0e784
GET /s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:25:19 GMT
expires: Wed, 16 Apr 2025 08:25:19 GMT
cache-control: public, max-age=31536000
age: 127851
last-modified: Thu, 14 Sep 2023 00:41:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c | 142.250.74.72 | 200 OK | 88 kB |
URL: www.googletagmanager.com/gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c — GET HTTP/2 — IP: 142.250.74.72:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint (SHA-1): BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT – Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955). Hashes (MD5 / SHA-1 / SHA-256): 1a0c7fb4108e5fe299d6135e1f9efc7d / 719bb6e0fc3c0d0fe0094376fb87704af8f7252d / bd1a83f1ce7c967e84e304721e8760ca6d057818082b199a9f54a38f88265275
GET /gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 19:56:10 GMT
expires: Wed, 17 Apr 2024 19:56:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88134
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goo.su/favicon.ico | 104.21.38.221 | 200 OK | 14 kB |
URL: goo.su/favicon.ico — GET (response served over HTTP/3) — IP: 104.21.38.221:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint (SHA-1): DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT – Sun, 30 Jun 2024 06:02:26 GMT
File type: MS Windows icon resource — 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel. Hashes (MD5 / SHA-1 / SHA-256): d1aabf7d4d55969e61f11c1fd069bab9 / f023ddc6ac59f9a437f31bc97ac5448235063d31 / 4286c3fed7075e00cbd2b574690e9878d945e42ba92bac2b3464c1a943c2d3c2
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed. Note: by this request the browser is also carrying the cf_clearance cookie issued by the challenge-platform POST and the _ga / _ga_CFRSCHBSP6 analytics cookies, i.e. the challenge was passed and analytics fired within the same second.
GET /favicon.ico HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/vjEN
Cookie: XSRF-TOKEN=eyJpdiI6Imk3YTg0YVhsN256K3o1MGdQb29Jbmc9PSIsInZhbHVlIjoiVVhtbnE1bVlsSXUzeWVIVDhubUNuLyswVUtKcW9MT24ydlB4OWJmRHVabDU2YjI1c2lBZUF1bU1Ublk3YUI5TjljQW81Z3JvVHR2bkQvNTlJZHJYcHI5a1Rkc0NGanA0RSswUDE3Wi9vY0VrN1JhaUQva05BZ3IzTmhWeGxLbXQiLCJtYWMiOiIyNDE5ZDY4MGZlYTc2ODE4YWIzYTgwNTk4OTI2NWJlM2RhZTI5ZTZlZjY3ZTU5YjVlZTVmOGRjOTA2ODdhYjA3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Im1YaVFqOXYzQ3NMa2lzdDRZNFpEOWc9PSIsInZhbHVlIjoiUk9seGIzdHRJcmFuZ2xBdUl6TWNxVlUxbnZHajZVdFhvWVJKWVE4aXNKb3ZFUlVKQldWTDdsVzhpcUlYbHlLVDFEaVBKcTJvK1VjNEhTM2VTTUI5NFNYeVg1WlBvZ1JWc2tVMXRSclV1MUhhcnZrbGlwRHNWUHg0aW5kOURuWlQiLCJtYWMiOiIyMmIzMjQxNzhkMjFhN2JjN2Q3YzI3ZjUzOGNlYWE2Yzk2OGI0YmQ0ZGQxNDJhNjIyOGNmZDU0NzJlNDhhYjljIiwidGFnIjoiIn0%3D; cf_clearance=cidN5EE1JsCfbSdu8E.hI6237iuCvLAZJ8GdcjuesFU-1713383770-1.0.1.1-5AUsJG9VEgaSTytH5XZQf_heOD02c0SfO7RKTRVjK9L6A93CbItjrtaSpkLBXLyu6QmfPyrQzykqUuNWMmWpvw; _ga_CFRSCHBSP6=GS1.1.1713383770.1.0.1713383770.0.0.0; _ga=GA1.1.597748850.1713383771
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:56:10 GMT
content-type: image/x-icon
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: W/"65885ced-3aee"
expires: Wed, 24 Apr 2024 18:17:28 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 5922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ua04tEIXjRRt7C5Vcf%2FXto8N5XSwnzrLjBrnX2w0odyFGSPVaulgp00MnFeeVXyv%2FVl5hObEw3I6pn12%2FGITItNxIHP29S74upcnGai2rynF%2BRX5JTTRmx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875efa1688915696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| st.top100.ru/top100/3.16.3/usability.js | 81.19.89.16 | 200 OK | 11 kB |
URL: st.top100.ru/top100/3.16.3/usability.js — GET HTTP/2 — IP: 81.19.89.16:443 — ASN: AS24638 Rambler Internet Holding LLC
Certificate — Issuer: GlobalSign nv-sa; Subject: *.top100.ru; Fingerprint (SHA-1): 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3; Validity: Wed, 14 Feb 2024 08:25:42 GMT – Mon, 17 Mar 2025 08:25:41 GMT
File type: gzip compressed data, from Unix — the body was captured still gzip-encoded (content-encoding: gzip), so these digests are of the compressed stream, not of the JavaScript; decompress before comparing against script hashes. Hashes (MD5 / SHA-1 / SHA-256): 2ea1b835230c0e57049cf3943cbb386f / 0803b689aa39c319d90c27dda44eedc9255a0a9a / ee5fac268308f8e9e92cb27b6b6c340aac3fd7f9d4ab45fe4e374c357c689f83
GET /top100/3.16.3/usability.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 19:56:10 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EEDA178BEA004DE92F6F32922
etag: W/"c36ada7e993bed0165b7127d977750fa"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:c36ada7e993bed0165b7127d977750fa/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS4u23AslNtt5w58x0zTQy7fPnLIahSE
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
set-cookie: proto_uid=1CIAAFopIGbEYs1UAZm8hgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Nunito | 142.250.74.170 | 200 OK | 1.7 kB |
URL: fonts.googleapis.com/css?family=Nunito — GET HTTP/2 — IP: 142.250.74.170:443
Certificate — Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint (SHA-1): 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity: Mon, 04 Mar 2024 07:16:44 GMT – Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (1780), with no line terminators. Hashes (MD5 / SHA-1 / SHA-256): 0873a0b20ec044cc647d71ae79691b72 / e58fa4ff5f228c79602877ac175ba22652695655 / 68d125efd05178f6bd842093bc95973b216bae930de6c290c912be4b28e48cb3
GET /css?family=Nunito HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 19:56:10 GMT
date: Wed, 17 Apr 2024 19:56:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875efa11e8135696 | 104.21.38.221 | 200 OK | 0 B |
URL: goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875efa11e8135696 — POST HTTP/3 — IP: 104.21.38.221:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint (SHA-1): DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT – Sun, 30 Jun 2024 06:02:26 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — digests of empty input, matching the 0 B response body; the 12130-byte JSON request body is not hashed or shown here.
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed (domain-level verdict on goo.su; this POST appears to be Cloudflare's challenge-platform telemetry — server: cloudflare, and the response sets the cf_clearance cookie).
POST /cdn-cgi/challenge-platform/h/g/jsd/r/875efa11e8135696 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12130
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/vjEN
Cookie: XSRF-TOKEN=eyJpdiI6Imk3YTg0YVhsN256K3o1MGdQb29Jbmc9PSIsInZhbHVlIjoiVVhtbnE1bVlsSXUzeWVIVDhubUNuLyswVUtKcW9MT24ydlB4OWJmRHVabDU2YjI1c2lBZUF1bU1Ublk3YUI5TjljQW81Z3JvVHR2bkQvNTlJZHJYcHI5a1Rkc0NGanA0RSswUDE3Wi9vY0VrN1JhaUQva05BZ3IzTmhWeGxLbXQiLCJtYWMiOiIyNDE5ZDY4MGZlYTc2ODE4YWIzYTgwNTk4OTI2NWJlM2RhZTI5ZTZlZjY3ZTU5YjVlZTVmOGRjOTA2ODdhYjA3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Im1YaVFqOXYzQ3NMa2lzdDRZNFpEOWc9PSIsInZhbHVlIjoiUk9seGIzdHRJcmFuZ2xBdUl6TWNxVlUxbnZHajZVdFhvWVJKWVE4aXNKb3ZFUlVKQldWTDdsVzhpcUlYbHlLVDFEaVBKcTJvK1VjNEhTM2VTTUI5NFNYeVg1WlBvZ1JWc2tVMXRSclV1MUhhcnZrbGlwRHNWUHg0aW5kOURuWlQiLCJtYWMiOiIyMmIzMjQxNzhkMjFhN2JjN2Q3YzI3ZjUzOGNlYWE2Yzk2OGI0YmQ0ZGQxNDJhNjIyOGNmZDU0NzJlNDhhYjljIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:56:10 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=cidN5EE1JsCfbSdu8E.hI6237iuCvLAZJ8GdcjuesFU-1713383770-1.0.1.1-5AUsJG9VEgaSTytH5XZQf_heOD02c0SfO7RKTRVjK9L6A93CbItjrtaSpkLBXLyu6QmfPyrQzykqUuNWMmWpvw; path=/; expires=Thu, 17-Apr-25 19:56:10 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7GWB1qca2GR2syTLfWGSLgw03qD9bH0VVO6w8FqRL%2BmPWmG5GMjl4exIkE05%2FO8a12zTWLuD6FtQkhA5vLBNelAFwHcUeIEKB6%2B6ob8qzvyiXBejlEcsAt0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875efa15df5c5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| st.top100.ru/top100/top100.js | 81.19.89.16 | 200 OK | 129 kB |
URL: st.top100.ru/top100/top100.js — GET HTTP/2 — IP: 81.19.89.16:443 — ASN: AS24638 Rambler Internet Holding LLC
Certificate — Issuer: GlobalSign nv-sa; Subject: *.top100.ru; Fingerprint (SHA-1): 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3; Validity: Wed, 14 Feb 2024 08:25:42 GMT – Mon, 17 Mar 2025 08:25:41 GMT
Size: 129 kB (128948 bytes). Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — caution: these are the digests of empty input despite the 128948-byte size, so the body was not actually hashed by the capture; do not use them as indicators for this file.
GET /top100/top100.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 19:56:10 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EED9892BFA8043017580B4CA2
etag: W/"b98a11c666d493857a7cc44ed3c02bdf"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:b98a11c666d493857a7cc44ed3c02bdf/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSF1TP5D1yuJr1hd+R76YX1FV7pIkqxk
expires: Wed, 17 Apr 2024 20:56:10 GMT
cache-control: max-age=3600
set-cookie: proto_uid=1CIAAFopIGbEYs1UAYu8hgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2