| goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 | 104.21.38.221 | 200 OK | 32 kB |
URL: GET HTTP/3 goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): f152f828206d2cf93e62818f9504e023 / 182c57654b3f05537cd722545f8d8dd99a8e2652 / 237a9a5d407ec860020474b01d73aaf1ca71ba2519c8ca92dba2ec81cf479d0b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:54 GMT
content-type: application/javascript
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=87787
etag: W/"65896ec2-156eb"
expires: Wed, 24 Apr 2024 18:08:34 GMT
last-modified: Mon, 25 Dec 2023 12:00:02 GMT
cf-cache-status: HIT
age: 145220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9qalzbw%2F%2FxxEt%2Bmep%2FS8nGoCt20O%2B2sK%2F7bhW%2B1RK3yb7pek%2FLF8D1C8DCbPXvk5e5a1sXNYPTEgSfnjpXvcftFs5HnA5KrMsYVsF%2FTGz2U7zCETdQDj5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e39ea25690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| enduresopens.com/ttkXIvunodY/69489 | 23.109.170.73 | 200 OK | 25 B |
URL: GET HTTP/1.1 enduresopens.com/ttkXIvunodY/69489 | IP: 23.109.170.73:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Let's Encrypt | Subject: enduresopens.com | Fingerprint: C4:F1:82:55:01:80:DE:E4:BA:76:D0:1C:20:FC:58:30:9D:43:C0:2B | Validity: Mon, 25 Mar 2024 23:51:07 GMT - Sun, 23 Jun 2024 23:51:06 GMT
File type: ASCII text, with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): f7a2939527fd9e68723da600e96d76bd / a9e717b6364d2895ee0a716050db32ca0ef1bb42 / d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 10:28:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 20-Apr-2024 10:28:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 20-Apr-2024 10:28:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.38.221 | 302 Found | 0 B |
URL: GET HTTP/3 goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of the empty 0-byte body; not usable as an indicator)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Fri, 19 Apr 2024 10:28:55 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UZe0ukedjPgNPBVtBV6CcXAkDH0qmu6ZSgOrgAyFOyJEZI6O%2Bz%2B7yHHPCVEQ5xGf%2FNKIyxDk8W3L8WnZ7XE8hjqKnIw%2B3%2FdGvIMZ%2Bccihf3CnjGdNVYyh7I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e578885690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 104.21.38.221 | 200 OK | 4.2 kB |
URL: GET HTTP/3 goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: JavaScript source, ASCII text, with very long lines (7824), with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): 58dad5eb5ad1adb04b9554165e8391d7 / 0f09bfcbae5d9086323ff7f5d332ba43aa332e52 / f83a43dc9222934e8cd0efa4fe4f548aa1787dfad62de61b0e38bf47528f6725
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
content-encoding: br
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZ%2BKCCuRIye%2FSMpVzZVMmedHQmXlwJd%2BNukWVarZfRt%2B75znEV58PdEnnGsAVx2h7G4SoZuIUuwh%2FZmKgL1TUPUPFxWpcSd%2FDNTGf3e8pJlWVOY6IbrD83Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e5889c5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | 216.58.207.227 | 200 OK | 19 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | IP: 216.58.207.227:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 | Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 18668, version 1.0 | Hashes (MD5 / SHA-1 / SHA-256): 8655d20bbcc8cdbfab17b6be6cf55df3 / 90edbfa9a7dabb185487b4774076f82eb6412270 / e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:34:50 GMT
expires: Fri, 18 Apr 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 114845
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | IP: 216.58.207.227:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 | Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 | Hashes (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e / 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 / f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 237677
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 | 109.200.199.110 | 200 OK | 36 kB |
URL: GET HTTP/2 richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 | IP: 109.200.199.110:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Let's Encrypt | Subject: richinfo.co | Fingerprint: 25:29:37:EE:41:C6:34:D2:D5:4C:10:A7:3F:D7:C5:E4:2E:7D:3B:2D | Validity: Mon, 25 Mar 2024 13:05:17 GMT - Sun, 23 Jun 2024 13:05:16 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): 148878813f5abd96ab3243139022ae55 / 83079999dffcd411136a4e5f2e6531c88250228b / b02a81193ecf9739397f6cfdf8d99b6479f28da153b142a7e6464818d2d4dfe8
GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
Host: richinfo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/x-javascript
x-amz-id-2: GL+EBomTi8S3EPCVOxNPQKsOBcc4FrBZvwzrlTQXxy298W5g4aCSd5HqqDV9SM9n8+60Qpy+ScE=
x-amz-request-id: 787GM6GQ78VK0NCW
last-modified: Wed, 10 Apr 2024 13:16:50 GMT
etag: W/"48e0c66e13f063ffe401a275add23665"
x-amz-server-side-encryption: AES256
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:400&display=swap | 142.250.74.106 | 200 OK | 580 B |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400&display=swap | IP: 142.250.74.106:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E | Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hashes (MD5 / SHA-1 / SHA-256): ddfffa73a3ad101de750962d005d7037 / 4c82d80e86b6562baf0ab94a56be20c44b4f6f47 / 838e680ca964a26c94665951577f3f0902ef54de2ee063d3465f22945dc44afa
GET /css?family=Roboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:28:55 GMT
date: Fri, 19 Apr 2024 10:28:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| st.top100.ru/top100/top100.js | 81.19.89.18 | 200 OK | 50 kB |
URL: GET HTTP/2 st.top100.ru/top100/top100.js | IP: 81.19.89.18:443 | ASN: #24638 Rambler Internet Holding LLC
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: GlobalSign nv-sa | Subject: *.top100.ru | Fingerprint: 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3 | Validity: Wed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): 555f829773aca2e3bcb3aa5214bfac46 / f256d2a2ff946b6b2494df9e90314f1433f8af9a / 266825671848f271c10499ee6c9cba81d4e65d3d987f6df680550e54ee56844b
GET /top100/top100.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EF5DDEDA2A80522F30913EF6A
etag: W/"b98a11c666d493857a7cc44ed3c02bdf"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:b98a11c666d493857a7cc44ed3c02bdf/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSGcSU3BghciJy1XOM2Ft7GkMlaB4dFd
expires: Fri, 19 Apr 2024 11:28:55 GMT
cache-control: max-age=3600
set-cookie: proto_uid=1CIAAGdHImbYTj+PAU4B8QB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| goo.su/img/favicons/favicon-16x16.png | 104.21.38.221 | 200 OK | 1.6 kB |
URL: GET HTTP/3 goo.su/img/favicons/favicon-16x16.png | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 2b201347b6d90e0ad2bbad3be209db73 / ae5de3e7f779cf33aefd5dc738f2126633bb7824 / df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; adtech_uid=5b163e75-bdf5-4b8d-90fc-69c4a54b9299%3Agoo.su; top100_id=t1.6673155.1350132502.1713522535593; t3_sid_6673155=s1.1979281682.1713522535594.1713522535594.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-61f"
expires: Tue, 23 Apr 2024 17:48:03 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 232852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVPh%2FKSn0%2F8Q2YU9V1GSp2trE7UIEB9DNntUlFVpwZzY8VvJu7rxGZgJV5Vxfsceyy0R1x4S6Mr5leLGrxlAPjja1T9GPrgGH7xXkeDfo3%2FoIzLkJVe2xjk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e8cb9f5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st | 31.204.132.208 | 200 OK | 0 B |
URL: GET HTTP/2 rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st | IP: 31.204.132.208:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Let's Encrypt | Subject: rtb.pushdom.co | Fingerprint: 12:C4:C5:EF:24:BE:28:31:C7:C1:45:E0:0F:F3:7E:9C:7F:5E:3E:30 | Validity: Mon, 01 Apr 2024 18:28:04 GMT - Sun, 30 Jun 2024 18:28:03 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of the empty 0-byte body; not usable as an indicator)
GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1
Host: rtb.pushdom.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Fri, 19 Apr 2024 10:28:56 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2
|
|
| slneksmtosyjoeh.buzz/einks5 | 91.92.243.37 | 404 Not Found | 9 B |
URL (User Request): GET HTTP/1.1 slneksmtosyjoeh.buzz/einks5 | IP: 91.92.243.37:443
Certificate issuer: Let's Encrypt | Subject: slneksmtosyjoeh.buzz | Fingerprint: BE:06:FD:AF:6C:BA:80:07:D2:46:0F:6F:65:AF:24:43:ED:E9:19:A0 | Validity: Fri, 19 Apr 2024 06:54:07 GMT - Thu, 18 Jul 2024 06:54:06 GMT
File type: ASCII text, with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): 9d1ead73e678fa2f51a70a933b0bf017 / d205cbd6783332a212c5ae92d73c77178c2d2f28 / 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /einks5 HTTP/1.1
Host: slneksmtosyjoeh.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.24.0
Date: Fri, 19 Apr 2024 10:29:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
|
|
| slneksmtosyjoeh.buzz/favicon.ico | 91.92.243.37 | 404 Not Found | 9 B |
URL: GET HTTP/1.1 slneksmtosyjoeh.buzz/favicon.ico | IP: 91.92.243.37:443
Requested by: https://slneksmtosyjoeh.buzz/einks5 | Certificate issuer: Let's Encrypt | Subject: slneksmtosyjoeh.buzz | Fingerprint: BE:06:FD:AF:6C:BA:80:07:D2:46:0F:6F:65:AF:24:43:ED:E9:19:A0 | Validity: Fri, 19 Apr 2024 06:54:07 GMT - Thu, 18 Jul 2024 06:54:06 GMT
File type: ASCII text, with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): 9d1ead73e678fa2f51a70a933b0bf017 / d205cbd6783332a212c5ae92d73c77178c2d2f28 / 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /favicon.ico HTTP/1.1
Host: slneksmtosyjoeh.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://slneksmtosyjoeh.buzz/einks5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.24.0
Date: Fri, 19 Apr 2024 10:29:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
|
|
| goo.su/img/favicons/apple-touch-icon.png | 104.21.38.221 | 200 OK | 11 kB |
URL: GET HTTP/3 goo.su/img/favicons/apple-touch-icon.png | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): dc1648f034a8879145ce2db071bdc305 / 28dfdc4f3f97f00e54528685427a83974cb04a81 / 7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; adtech_uid=5b163e75-bdf5-4b8d-90fc-69c4a54b9299%3Agoo.su; top100_id=t1.6673155.1350132502.1713522535593; t3_sid_6673155=s1.1979281682.1713522535594.1713522535594.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: image/png
content-length: 10926
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-2aae"
expires: Fri, 19 Apr 2024 14:06:25 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 591750
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRZJcvzr0UAnnpMdPgIH9TfxD0JeECZOpVkYkTbVRLcgxlBuK%2BM16h1cU%2BCLk8uwZVFJgmesCYd6hWQ%2F0v8C%2BBCDlMXfjlDnFkhTQCtkim8og62XA01rte8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c35e8cb9e5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9 | 104.21.38.221 | 200 OK | 0 B |
URL: POST HTTP/3 goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9 | IP: 104.21.38.221:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: Google Trust Services LLC | Subject: goo.su | Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60 | Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of the empty 0-byte response body; not usable as an indicator)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/challenge-platform/h/g/jsd/r/876c35e18b04b4f9 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12156
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/MzhR9?NRa=myFo3qXSdY
Cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=YXZma9g3GVYJP8DB7oCVZGtnnHgFkBJ0DVTN2s5ptok-1713522535-1.0.1.1-X3l80xA9wYYu87f0fuAI9qjuu2ZwgNpAyjZhXAW8UZrEKoM3uI9ERvTa005SqS4MV.gykJpCN4hVGe9LQ6RFVg; path=/; expires=Sat, 19-Apr-25 10:28:55 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUS6SzkecwxEknpa%2FPH3S0xfALrzjuCx4p%2B3Bg0Bgda80KHMG5r4s8mZ8XCKzG17LjfwZKYEQPQh2yRKsBUtQ1lMQLjVE0K%2BN9t647uuc5y9fa9FDsUJORQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e6899a5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| st.top100.ru/top100/3.16.3/usability.js | 81.19.89.18 | 200 OK | 15 kB |
URL: GET HTTP/2 st.top100.ru/top100/3.16.3/usability.js | IP: 81.19.89.18:443 | ASN: #24638 Rambler Internet Holding LLC
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY | Certificate issuer: GlobalSign nv-sa | Subject: *.top100.ru | Fingerprint: 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3 | Validity: Wed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT
File type: JavaScript source, ASCII text, with very long lines (14616), with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): c36ada7e993bed0165b7127d977750fa / 3011b0e6a7f6a2ec824749fe03fa2b6304bcb13a / 537f802bd41188561b805388b1e77b7aa64cdaa6937dd376319d56f7a26f06d5
GET /top100/3.16.3/usability.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 10:28:55 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EF5DF498AA0046AE74E4FD5A8
etag: W/"c36ada7e993bed0165b7127d977750fa"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:c36ada7e993bed0165b7127d977750fa/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSfz9uDgxSBau5SOg7tq2s7PhqUcv8oN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
set-cookie: proto_uid=1CIAAGdHImbYTj+PAV4B8QB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Open%20Sans:400&display=swap | 142.250.74.106 | 200 OK | 6.0 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Open%20Sans:400&display=swap — IP: 142.250.74.106:443
Requested by: https://goo.su/MzhR9?NRa=myFo3qXSdY — Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com (the subject CN differs from the requested host, so the match must be via the SAN list, which this capture does not show); Fingerprint (SHA-1) 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity Mon, 04 Mar 2024 07:16:44 GMT – Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (6096), with no line terminators — Hashes: MD5 7e18a097b51eb70d0d781735844b6897, SHA-1 bee01b4d68b934b8a85650c2edd6e0b51fd961b8, SHA-256 4eadd38b698cc5058bc6909316f68e23ad7784bcde595476b27b47a652ff83f0
GET /css?family=Open%20Sans:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:28:55 GMT
date: Fri, 19 Apr 2024 10:28:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goo.su/MzhR9?NRa=myFo3qXSdY | 104.21.38.221 | 200 OK | 21 kB |
URL (user request): GET HTTP/2 goo.su/MzhR9?NRa=myFo3qXSdY — IP: 104.21.38.221:443
Certificate: Issuer Google Trust Services LLC; Subject goo.su; Fingerprint (SHA-1) DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity Mon, 01 Apr 2024 06:02:27 GMT – Sun, 30 Jun 2024 06:02:26 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — note: these are the digests of empty input, so despite the 21 kB size shown above the response body does not appear to have been retained by the capture; do not use these values as indicators for the landing page.
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed
GET /MzhR9?NRa=myFo3qXSdY HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 10:28:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Imhhc3N2d1NtQytFTVJ5UGM2cDdRQ2c9PSIsInZhbHVlIjoiYXMxWFVKZzYzQ1dOa3NPd2o1UHozV0dLUkpWdlBaMFJKbFh3SjJrWWJVREdHMXluUXRWRWpDUDRQSFI0YmFabWMzYlVTazJxYjRSdnNSVUtyYVdQYm1rVURGSkVkaFlJU2ppQ2F4L3FUN2M4Z3Z0SmROOCthY2ZkWWpna3FjMjEiLCJtYWMiOiIxYWJmNmMwYTJjMjVlZGUwNmJhN2JjOGI5Mzc0ZTcwZDQyMGIyMmJlZTRkODNmMTI2MzRhZTExYmQ3MGFmMDg3IiwidGFnIjoiIn0%3D; expires=Sat, 20 Apr 2024 05:08:54 GMT; Max-Age=67200; path=/; secure; samesite=lax
set-cookie: goosu_session=eyJpdiI6IjVxSU5GLzZwVDdLc3diMFlnOWpDblE9PSIsInZhbHVlIjoiNUJVWVVybnJMai9KUFJieEZXZklvMHZ6bm9rekxxWVk4Qk0xZ0I1d2ZoTGZhUGQ1MzhHbkdQK1gzWHBkTHp0bDFjWFJGRGFpNGI5ZnVGSEZMSTM0Y1NZcGZwZ2Q4N1d3TkVELzNwSm5iT0FtTzlyTm9nME51STZsNFdRZWdLUjYiLCJtYWMiOiJiN2Y2NTJmNTBlMWI3OTQ0NWMxOTU2MmU1MDhlZjk5MmQyZjI0YTIwNTE4NjYyZTJkN2Q0NWM5MTg1Y2U2YzRkIiwidGFnIjoiIn0%3D; expires=Sat, 20 Apr 2024 05:08:54 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t76a3hsB%2FoFHAgdNmylSPYOiyvPZTJOH9tsSV%2FuotE%2BRS03PhzFzrMadTJjRCaV1qoAtufykcwHYiK3bJaNlNEKwz7Fd8NMlCHBWZEkEZL3oFpFgemihAyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c35e18b04b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2