Report - goo.su/MzhR9?NRa=myFo3qXSdY

Report Overview

Submitted URL
goo.su/MzhR9?NRa=myFo3qXSdY
IP
172.67.139.105
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-19 10:29:20
Access
public
Website Title
slneksmtosyjoeh.buzz/einks5
Final URL
slneksmtosyjoeh.buzz/einks5
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
richinfo.co	285236	2019-06-20	2019-06-26	2024-04-17	445 B	36 kB	109.200.199.110
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-19	875 B	7.8 kB	142.250.74.106
st.top100.ru	27374	1999-09-30	2014-03-27	2024-04-17	800 B	66 kB	81.19.89.18
rtb.pushdom.co	244282	2018-12-28	2019-01-08	2024-04-17	509 B	158 B	31.204.132.208
slneksmtosyjoeh.buzz	unknown	unknown	No data	No data	946 B	498 B	91.92.243.37
goo.su	377451	2019-06-14	2017-05-12	2024-04-17	8.2 kB	75 kB	104.21.38.221
enduresopens.com	unknown	2023-08-31	2023-08-31	2024-04-17	399 B	1.5 kB	23.109.170.73
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.1 kB	36 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-19 10:28:54	low	Client IP	104.21.38.221	ET INFO Observed URL Shortener Service Domain (goo .su in TLS SNI)
2024-04-19 10:29:00	medium	91.92.243.37	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 13

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	enduresopens.com	Sinkholed
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	goo.su	Sinkholed
2024-04-19	medium	goo.su	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

		Size	First Seen	Last Seen
	#1 Write - 703b672f3266893d6385a6476843bfba	253 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 12:29:27 Last Seen2024-04-19 12:29:27 Times Seen1 Hash 703b672f3266893d6385a6476843bfba 831268842b65d2476d8fa4dea459e6079c4103a6 7756442aee11ef55a824ad966bb2f247d6c1c5924ed568ce8e5db2fc2a896ad8 Loading...

HTTP Transactions (18)

URL IP Response Size

goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5

104.21.38.221

200 OK

32 kB

URL GET HTTP/3
goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
32 kB (32113 bytes)
Hash
f152f828206d2cf93e62818f9504e023
182c57654b3f05537cd722545f8d8dd99a8e2652
237a9a5d407ec860020474b01d73aaf1ca71ba2519c8ca92dba2ec81cf479d0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:54 GMT
content-type: application/javascript
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=87787
etag: W/"65896ec2-156eb"
expires: Wed, 24 Apr 2024 18:08:34 GMT
last-modified: Mon, 25 Dec 2023 12:00:02 GMT
cf-cache-status: HIT
age: 145220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9qalzbw%2F%2FxxEt%2Bmep%2FS8nGoCt20O%2B2sK%2F7bhW%2B1RK3yb7pek%2FLF8D1C8DCbPXvk5e5a1sXNYPTEgSfnjpXvcftFs5HnA5KrMsYVsF%2FTGz2U7zCETdQDj5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e39ea25690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

enduresopens.com/ttkXIvunodY/69489

23.109.170.73

200 OK

25 B

URL GET HTTP/1.1
enduresopens.com/ttkXIvunodY/69489
IP
23.109.170.73:443
ASN
#7979 SERVERS-COM

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerLet's Encrypt
Subjectenduresopens.com
FingerprintC4:F1:82:55:01:80:DE:E4:BA:76:D0:1C:20:FC:58:30:9D:43:C0:2B
ValidityMon, 25 Mar 2024 23:51:07 GMT - Sun, 23 Jun 2024 23:51:06 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 10:28:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 20-Apr-2024 10:28:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 20-Apr-2024 10:28:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.38.221

302 Found

0 B

URL GET HTTP/3
goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 19 Apr 2024 10:28:55 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UZe0ukedjPgNPBVtBV6CcXAkDH0qmu6ZSgOrgAyFOyJEZI6O%2Bz%2B7yHHPCVEQ5xGf%2FNKIyxDk8W3L8WnZ7XE8hjqKnIw%2B3%2FdGvIMZ%2Bccihf3CnjGdNVYyh7I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e578885690-OSL
alt-svc: h3=":443"; ma=86400

goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js

104.21.38.221

200 OK

4.2 kB

URL GET HTTP/3
goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
JavaScript source, ASCII text, with very long lines (7824), with no line terminators
Size
4.2 kB (4231 bytes)
Hash
58dad5eb5ad1adb04b9554165e8391d7
0f09bfcbae5d9086323ff7f5d332ba43aa332e52
f83a43dc9222934e8cd0efa4fe4f548aa1787dfad62de61b0e38bf47528f6725

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
content-encoding: br
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZ%2BKCCuRIye%2FSMpVzZVMmedHQmXlwJd%2BNukWVarZfRt%2B75znEV58PdEnnGsAVx2h7G4SoZuIUuwh%2FZmKgL1TUPUPFxWpcSd%2FDNTGf3e8pJlWVOY6IbrD83Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e5889c5690-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
Size
19 kB (18668 bytes)
Hash
8655d20bbcc8cdbfab17b6be6cf55df3
90edbfa9a7dabb185487b4774076f82eb6412270
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

HTTP Headers

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:34:50 GMT
expires: Fri, 18 Apr 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 114845
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 237677
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33

109.200.199.110

200 OK

36 kB

URL GET HTTP/2
richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33
IP
109.200.199.110:443
ASN
#49544 i3D.net B.V

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerLet's Encrypt
Subjectrichinfo.co
Fingerprint25:29:37:EE:41:C6:34:D2:D5:4C:10:A7:3F:D7:C5:E4:2E:7D:3B:2D
ValidityMon, 25 Mar 2024 13:05:17 GMT - Sun, 23 Jun 2024 13:05:16 GMT

File type
gzip compressed data, from Unix
Size
36 kB (35838 bytes)
Hash
148878813f5abd96ab3243139022ae55
83079999dffcd411136a4e5f2e6531c88250228b
b02a81193ecf9739397f6cfdf8d99b6479f28da153b142a7e6464818d2d4dfe8

HTTP Headers

GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
Host: richinfo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/x-javascript
x-amz-id-2: GL+EBomTi8S3EPCVOxNPQKsOBcc4FrBZvwzrlTQXxy298W5g4aCSd5HqqDV9SM9n8+60Qpy+ScE=
x-amz-request-id: 787GM6GQ78VK0NCW
last-modified: Wed, 10 Apr 2024 13:16:50 GMT
etag: W/"48e0c66e13f063ffe401a275add23665"
x-amz-server-side-encryption: AES256
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400&display=swap

142.250.74.106

200 OK

580 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
580 B (580 bytes)
Hash
ddfffa73a3ad101de750962d005d7037
4c82d80e86b6562baf0ab94a56be20c44b4f6f47
838e680ca964a26c94665951577f3f0902ef54de2ee063d3465f22945dc44afa

HTTP Headers

GET /css?family=Roboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:28:55 GMT
date: Fri, 19 Apr 2024 10:28:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

st.top100.ru/top100/top100.js

81.19.89.18

200 OK

50 kB

URL GET HTTP/2
st.top100.ru/top100/top100.js
IP
81.19.89.18:443
ASN
#24638 Rambler Internet Holding LLC

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGlobalSign nv-sa
Subject*.top100.ru
Fingerprint67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3
ValidityWed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT

File type
gzip compressed data, from Unix
Size
50 kB (50017 bytes)
Hash
555f829773aca2e3bcb3aa5214bfac46
f256d2a2ff946b6b2494df9e90314f1433f8af9a
266825671848f271c10499ee6c9cba81d4e65d3d987f6df680550e54ee56844b

HTTP Headers

GET /top100/top100.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EF5DDEDA2A80522F30913EF6A
etag: W/"b98a11c666d493857a7cc44ed3c02bdf"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:b98a11c666d493857a7cc44ed3c02bdf/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSGcSU3BghciJy1XOM2Ft7GkMlaB4dFd
expires: Fri, 19 Apr 2024 11:28:55 GMT
cache-control: max-age=3600
set-cookie: proto_uid=1CIAAGdHImbYTj+PAU4B8QB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2

goo.su/img/favicons/favicon-16x16.png

104.21.38.221

200 OK

1.6 kB

URL GET HTTP/3
goo.su/img/favicons/favicon-16x16.png
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1567 bytes)
Hash
2b201347b6d90e0ad2bbad3be209db73
ae5de3e7f779cf33aefd5dc738f2126633bb7824
df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; adtech_uid=5b163e75-bdf5-4b8d-90fc-69c4a54b9299%3Agoo.su; top100_id=t1.6673155.1350132502.1713522535593; t3_sid_6673155=s1.1979281682.1713522535594.1713522535594.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-61f"
expires: Tue, 23 Apr 2024 17:48:03 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 232852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVPh%2FKSn0%2F8Q2YU9V1GSp2trE7UIEB9DNntUlFVpwZzY8VvJu7rxGZgJV5Vxfsceyy0R1x4S6Mr5leLGrxlAPjja1T9GPrgGH7xXkeDfo3%2FoIzLkJVe2xjk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e8cb9f5690-OSL
alt-svc: h3=":443"; ma=86400

rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st

31.204.132.208

200 OK

0 B

URL GET HTTP/2
rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st
IP
31.204.132.208:443
ASN
#49544 i3D.net B.V

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerLet's Encrypt
Subjectrtb.pushdom.co
Fingerprint12:C4:C5:EF:24:BE:28:31:C7:C1:45:E0:0F:F3:7E:9C:7F:5E:3E:30
ValidityMon, 01 Apr 2024 18:28:04 GMT - Sun, 30 Jun 2024 18:28:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1
Host: rtb.pushdom.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Fri, 19 Apr 2024 10:28:56 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2

slneksmtosyjoeh.buzz/einks5

91.92.243.37

404 Not Found

9 B

URL User Request GET HTTP/1.1
slneksmtosyjoeh.buzz/einks5
IP
91.92.243.37:443
ASN
#394711 LIMENET

Certificate
IssuerLet's Encrypt
Subjectslneksmtosyjoeh.buzz
FingerprintBE:06:FD:AF:6C:BA:80:07:D2:46:0F:6F:65:AF:24:43:ED:E9:19:A0
ValidityFri, 19 Apr 2024 06:54:07 GMT - Thu, 18 Jul 2024 06:54:06 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /einks5 HTTP/1.1
Host: slneksmtosyjoeh.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.24.0
Date: Fri, 19 Apr 2024 10:29:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"

slneksmtosyjoeh.buzz/favicon.ico

91.92.243.37

404 Not Found

9 B

URL GET HTTP/1.1
slneksmtosyjoeh.buzz/favicon.ico
IP
91.92.243.37:443
ASN
#394711 LIMENET

Requested by
https://slneksmtosyjoeh.buzz/einks5
Certificate
IssuerLet's Encrypt
Subjectslneksmtosyjoeh.buzz
FingerprintBE:06:FD:AF:6C:BA:80:07:D2:46:0F:6F:65:AF:24:43:ED:E9:19:A0
ValidityFri, 19 Apr 2024 06:54:07 GMT - Thu, 18 Jul 2024 06:54:06 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: slneksmtosyjoeh.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://slneksmtosyjoeh.buzz/einks5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.24.0
Date: Fri, 19 Apr 2024 10:29:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"

goo.su/img/favicons/apple-touch-icon.png

104.21.38.221

200 OK

11 kB

URL GET HTTP/3
goo.su/img/favicons/apple-touch-icon.png
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
11 kB (10926 bytes)
Hash
dc1648f034a8879145ce2db071bdc305
28dfdc4f3f97f00e54528685427a83974cb04a81
7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; adtech_uid=5b163e75-bdf5-4b8d-90fc-69c4a54b9299%3Agoo.su; top100_id=t1.6673155.1350132502.1713522535593; t3_sid_6673155=s1.1979281682.1713522535594.1713522535594.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: image/png
content-length: 10926
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-2aae"
expires: Fri, 19 Apr 2024 14:06:25 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 591750
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRZJcvzr0UAnnpMdPgIH9TfxD0JeECZOpVkYkTbVRLcgxlBuK%2BM16h1cU%2BCLk8uwZVFJgmesCYd6hWQ%2F0v8C%2BBCDlMXfjlDnFkhTQCtkim8og62XA01rte8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e8cb9e5690-OSL
alt-svc: h3=":443"; ma=86400

goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9

104.21.38.221

200 OK

0 B

URL POST HTTP/3
goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12156
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; path=/; expires=Sat, 19-Apr-25 10:28:55 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUS6SzkecwxEknpa%2FPH3S0xfALrzjuCx4p%2B3Bg0Bgda80KHMG5r4s8mZ8XCKzG17LjfwZKYEQPQh2yRKsBUtQ1lMQLjVE0K%2BN9t647uuc5y9fa9FDsUJORQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e6899a5690-OSL
alt-svc: h3=":443"; ma=86400

st.top100.ru/top100/3.16.3/usability.js

81.19.89.18

200 OK

15 kB

URL GET HTTP/2
st.top100.ru/top100/3.16.3/usability.js
IP
81.19.89.18:443
ASN
#24638 Rambler Internet Holding LLC

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGlobalSign nv-sa
Subject*.top100.ru
Fingerprint67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3
ValidityWed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT

File type
JavaScript source, ASCII text, with very long lines (14616), with no line terminators
Size
15 kB (14616 bytes)
Hash
c36ada7e993bed0165b7127d977750fa
3011b0e6a7f6a2ec824749fe03fa2b6304bcb13a
537f802bd41188561b805388b1e77b7aa64cdaa6937dd376319d56f7a26f06d5

HTTP Headers

GET /top100/3.16.3/usability.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EF5DF498AA0046AE74E4FD5A8
etag: W/"c36ada7e993bed0165b7127d977750fa"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:c36ada7e993bed0165b7127d977750fa/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSfz9uDgxSBau5SOg7tq2s7PhqUcv8oN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
set-cookie: proto_uid=1CIAAGdHImbYTj+PAV4B8QB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open%20Sans:400&display=swap

142.250.74.106

200 OK

6.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open%20Sans:400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/MzhR9?NRa=myFo3qXSdY
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (6096), with no line terminators
Size
6.0 kB (5996 bytes)
Hash
7e18a097b51eb70d0d781735844b6897
bee01b4d68b934b8a85650c2edd6e0b51fd961b8
4eadd38b698cc5058bc6909316f68e23ad7784bcde595476b27b47a652ff83f0

HTTP Headers

GET /css?family=Open%20Sans:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:28:55 GMT
date: Fri, 19 Apr 2024 10:28:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goo.su/MzhR9?NRa=myFo3qXSdY

104.21.38.221

200 OK

21 kB

URL User Request GET HTTP/2
goo.su/MzhR9?NRa=myFo3qXSdY
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
21 kB (20797 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /MzhR9?NRa=myFo3qXSdY HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 10:28:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; expires=Sat, 20 Apr 2024 05:08:54 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; expires=Sat, 20 Apr 2024 05:08:54 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t76a3hsB%2FoFHAgdNmylSPYOiyvPZTJOH9tsSV%2FuotE%2BRS03PhzFzrMadTJjRCaV1qoAtufykcwHYiK3bJaNlNEKwz7Fd8NMlCHBWZEkEZL3oFpFgemihAyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e18b04b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

Observations

Hash

HTTP Transactions (18)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP