Report - goo.su/oWpzob

Report Overview

Submitted URL
goo.su/oWpzob
IP
104.21.38.221
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 17:40:31
Access
public
Website Title
Redirecting
Final URL
goo.su/oWpzob
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rtb.pushdom.co	244282	2018-12-28	2019-01-08	2024-04-17	509 B	158 B	31.204.132.207
st.top100.ru	27374	1999-09-30	2014-03-27	2024-04-15	812 B	58 kB	81.19.89.18
richinfo.co	285236	2019-06-20	2019-06-26	2024-04-14	447 B	97 kB	109.200.199.110
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-17	875 B	5.6 kB	142.250.74.106
enduresopens.com	unknown	2023-08-31	2023-08-31	2024-03-26	399 B	1.5 kB	23.109.170.125
goo.su	377451	2019-06-14	2017-05-12	2024-04-17	7.8 kB	142 kB	172.67.139.105
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-17	1.1 kB	36 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	goo.su/oWpzob	Apple Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	enduresopens.com	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	st.top100.ru/top100/top100.js	129 kB	2024-04-13	2024-04-24
Pretty URL st.top100.ru/top100/top100.js IP 81.19.89.18 ASN #24638 Rambler Internet Holding LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 19:59:42 Last Seen2024-04-24 09:40:46 Times Seen18 Hash b98a11c666d493857a7cc44ed3c02bdf e2a52ee3110c9e748e3e7ba3dc3ca6d3ad08e2d0 6706963f096d27d26aff3b91d25db1838960c66355b66e3d39663713340e8a2b Loading...

	goo.su/oWpzob	586 B	2023-03-07	2024-04-18
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04:54 Last Seen2024-04-18 01:18:03 Times Seen44 Hash 2b380b3e889f216df5c1a02cc5b137f9 f634ca3decc0ae35c3ecc085109423d471fadbb2 516a69de48e4087bf540894064ddcc49d1985f4799ab583fb1a12003af517821 Loading...

	goo.su/oWpzob	586 B	2023-03-07	2024-04-18
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04:54 Last Seen2024-04-18 01:18:03 Times Seen44 Hash e843b00692de2f72a9b77637c18329df 849c7da6b5c326356438106ed917adaa8806c6a6 816fdf433e4de91232f983788ac259925547207a34f59fcc35b9a719b4c8fc07 Loading...

	unknown	247 B	2024-04-17	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 19:40:32 Last Seen2024-04-17 19:40:32 Times Seen1 Hash 5edabee2ecfc6e001556893f7b817210 f88c6d78dba4906fffd2072568d9f5e20304984a 08f0f2fcc10932acee0b99e186bb45c76b5efeb988d96220401e579b79477316 Loading...

	richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33	97 kB	2024-04-06	2024-04-28
Pretty URL richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 IP 109.200.199.110 ASN #49544 i3D.net B.V Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 10:11:36 Last Seen2024-04-28 17:27:58 Times Seen9 Hash 48e0c66e13f063ffe401a275add23665 1bb323c0046281baacf09fa4b891a2040721fdab 84887cf8337ccb3b43e39d98601758bf33dea79534abb027f2b9e7bba98e1bff Loading...

	goo.su/oWpzob	1.1 kB	2024-04-17	2024-04-17
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 19:40:32 Last Seen2024-04-17 19:40:32 Times Seen1 Hash 74fdc43d5b01b4b221d29f4cf01744ff bc3cbae00cbcf0814d0935f064c26b9b86507bda ec41b857a9dca94b3aa0f99de465852b8d99e28fc45005014a28f0ee964d39b6 Loading...

	goo.su/oWpzob	622 B	2023-03-07	2024-04-18
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04:54 Last Seen2024-04-18 01:18:03 Times Seen50 Hash 6a129b9966ad9370833e0bdb6056c91b eca2659bb27e32e86e02dc3c70b6528d08617d63 12b337f70504184e85b32753b25ae4870675033a4b862d256a10b709ac5d769b Loading...

	unknown	79 B	2023-04-11	2024-04-30
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-04-30 16:51:10 Times Seen125018 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	goo.su/oWpzob	514 B	2023-03-07	2024-04-18
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04:54 Last Seen2024-04-18 01:18:03 Times Seen50 Hash db473c0638ca9295f4850801c7a35db2 b7db18f7bc30c96199489c29505fa72c2b1d6338 88a3c541e64d9ddafd066f9d4747a6088cf8255e8c1552b2e8b782e59cd12ee5 Loading...

	goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5	88 kB	2024-01-14	2024-04-30
Pretty URL goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-14 17:40:03 Last Seen2024-04-30 12:51:52 Times Seen28 Hash f152f828206d2cf93e62818f9504e023 182c57654b3f05537cd722545f8d8dd99a8e2652 237a9a5d407ec860020474b01d73aaf1ca71ba2519c8ca92dba2ec81cf479d0b Loading...

	goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-04-17	2024-04-17
Pretty URL goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 19:40:32 Last Seen2024-04-17 19:40:32 Times Seen2 Hash 96c7020e7cac974e32e0cfd0bed55281 66ec4cf0b03384a91c93578845b0e874605454cb 93387399f85fe02d0477ea44e9cb2399f671b14adb1185d0f1e214cfd7408fc9 Loading...

	goo.su/oWpzob	861 B	2023-03-07	2024-04-18
Pretty URL goo.su/oWpzob IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04:54 Last Seen2024-04-18 01:18:03 Times Seen50 Hash 10a3a6c66b892d8538eec3608bca22e2 b226797b6cc2481382d7b760b5af97a9a7173689 269f0da0a1250e47ea814800ea6727502fbf6cba510026e23963122b29232035 Loading...

	enduresopens.com/ttkXIvunodY/69489	5 B	2023-03-07	2024-04-30
Pretty URL enduresopens.com/ttkXIvunodY/69489 IP 23.109.170.125 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:39 Last Seen2024-04-30 14:23:16 Times Seen6479 Hash f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a Loading...

	unknown	37 B	2023-04-11	2024-04-30
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-04-30 16:53:36 Times Seen232873 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	st.top100.ru/top100/3.16.3/usability.js	15 kB	2024-03-20	2024-04-24
Pretty URL st.top100.ru/top100/3.16.3/usability.js IP 81.19.89.18 ASN #24638 Rambler Internet Holding LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-20 21:49:12 Last Seen2024-04-24 09:40:49 Times Seen36 Hash c36ada7e993bed0165b7127d977750fa 3011b0e6a7f6a2ec824749fe03fa2b6304bcb13a 537f802bd41188561b805388b1e77b7aa64cdaa6937dd376319d56f7a26f06d5 Loading...

		Size	First Seen	Last Seen
	#1 Write - 33c5d58a78b29164e15b139968cfab7b	235 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 19:40:32 Last Seen2024-04-17 19:40:32 Times Seen1 Hash 33c5d58a78b29164e15b139968cfab7b b042787974452098c715110cde05c19d539ce73f 6c0aa36fa62d5029f19be91b83dc9afac4d5a96104db274999b70889e87fbe1a Loading...

HTTP Transactions (16)

URL IP Response Size

fonts.googleapis.com/css?family=Open%20Sans:400&display=swap

142.250.74.106

200 OK

2.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open%20Sans:400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
2.0 kB (1984 bytes)
Hash
2d57c71f314514265866e9f9720a0a88
1920746fc585ba0752bb0bfb015fb03d563104e0
0cdd6220add29f73549cd217cb328cf1d53531f7960f9abc7c7562a74f00cdcf

HTTP Headers

GET /css?family=Open%20Sans:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 17:40:06 GMT
date: Wed, 17 Apr 2024 17:40:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

enduresopens.com/ttkXIvunodY/69489

23.109.170.125

200 OK

25 B

URL GET HTTP/1.1
enduresopens.com/ttkXIvunodY/69489
IP
23.109.170.125:443
ASN
#7979 SERVERS-COM

Requested by
https://goo.su/oWpzob
Certificate
IssuerLet's Encrypt
Subjectenduresopens.com
FingerprintC4:F1:82:55:01:80:DE:E4:BA:76:D0:1C:20:FC:58:30:9D:43:C0:2B
ValidityMon, 25 Mar 2024 23:51:07 GMT - Sun, 23 Jun 2024 23:51:06 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 17:40:06 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 18-Apr-2024 17:40:06 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 18-Apr-2024 17:40:06 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.139.105

302 Found

0 B

URL GET HTTP/3
goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 17 Apr 2024 17:40:06 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQT3pEQnZtkSKdWCwNanWAf84qr3kbcYTVsT9ozk3tDnJVXHjQoGNEs1p34H1hLfrmDCIAq92q8EbNkTWm6RsTorzxaTpZTZaLtb3b0ifT0uodoeN7ZTYio%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e32c3fca141bc-AMS
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
Size
19 kB (18668 bytes)
Hash
8655d20bbcc8cdbfab17b6be6cf55df3
90edbfa9a7dabb185487b4774076f82eb6412270
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

HTTP Headers

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:34:50 GMT
expires: Fri, 11 Apr 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 572716
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 90748
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js

172.67.139.105

200 OK

4.2 kB

URL GET HTTP/3
goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
JavaScript source, ASCII text, with very long lines (7821), with no line terminators
Size
4.2 kB (4215 bytes)
Hash
96c7020e7cac974e32e0cfd0bed55281
66ec4cf0b03384a91c93578845b0e874605454cb
93387399f85fe02d0477ea44e9cb2399f671b14adb1185d0f1e214cfd7408fc9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2BybKL6cBLmcmRi2IV6bDgrK27EUEXeK72E6lRAt%2BNOKTJHuuz1IGDJBYn9Y%2BJFQr9KKt16hCEl9sLR0N%2FgEEkPEEdFWCJ5DhRZ3sV1YE6n4pv6j2%2F%2BWfJM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e32c43ce741bc-AMS
alt-svc: h3=":443"; ma=86400

goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875e32c06c7341c8

172.67.139.105

200 OK

11 kB

URL POST HTTP/3
goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875e32c06c7341c8
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
data
Size
11 kB (10927 bytes)
Hash
6dafffaa426a13dcb031c4134816a801
a98e52ba8407074583b5fa74f04cb35d5b6b6168
273b35c4706b713f303b9ed42eb667b6800e715e245d34b865176107705dc766

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/875e32c06c7341c8 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12131
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/oWpzob
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=So9OX8jOKynRI7FWd_Gj8JUxFnxL6u4.XrV6RUenuvc-1713375606-1.0.1.1-FPTvZ7oJQxGiWOh1bi5muh8Z3Uh_2RCdRs1iZhRYszazFmaneZ9C0ZdeQwa7PQqEqWVOhxfCPFs9A1T5V2ldcA; path=/; expires=Thu, 17-Apr-25 17:40:06 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnyHRQrUkYTIJL4tHPDiTQG1QLIMLrRPjnVUPqiOFwMa2aG2ZPY5axFVa2dXTEccrjaFJdpNjrGb2%2B9s64YKypI90%2F09fPcaVv8Le%2BLUWpkZqjc67GMbCog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e32c53e5141bc-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400

goo.su/img/favicons/favicon-16x16.png

172.67.139.105

200 OK

1.6 kB

URL GET HTTP/3
goo.su/img/favicons/favicon-16x16.png
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1567 bytes)
Hash
2b201347b6d90e0ad2bbad3be209db73
ae5de3e7f779cf33aefd5dc738f2126633bb7824
df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/oWpzob
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D; cf_clearance=So9OX8jOKynRI7FWd_Gj8JUxFnxL6u4.XrV6RUenuvc-1713375606-1.0.1.1-FPTvZ7oJQxGiWOh1bi5muh8Z3Uh_2RCdRs1iZhRYszazFmaneZ9C0ZdeQwa7PQqEqWVOhxfCPFs9A1T5V2ldcA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-61f"
expires: Wed, 17 Apr 2024 19:32:52 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 598034
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LQtZIZSdenyzRwM0lobRNhmgZ01Iq59LXQfOdGIKeAV1M5L7r%2FW%2FIJEEG00dJkM1moa6Tv24gZuVhUFK0%2BM8URKlFRKOFN4LW30DR4abeTut5YOTTOtvSQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e32c5bee841bc-AMS
alt-svc: h3=":443"; ma=86400

rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st

31.204.132.207

200 OK

0 B

URL GET HTTP/2
rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st
IP
31.204.132.207:443
ASN
#49544 i3D.net B.V

Requested by
https://goo.su/oWpzob
Certificate
IssuerLet's Encrypt
Subjectrtb.pushdom.co
Fingerprint12:C4:C5:EF:24:BE:28:31:C7:C1:45:E0:0F:F3:7E:9C:7F:5E:3E:30
ValidityMon, 01 Apr 2024 18:28:04 GMT - Sun, 30 Jun 2024 18:28:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1
Host: rtb.pushdom.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2

st.top100.ru/top100/3.16.3/usability.js

81.19.89.18

200 OK

11 kB

URL GET HTTP/2
st.top100.ru/top100/3.16.3/usability.js
IP
81.19.89.18:443
ASN
#24638 Rambler Internet Holding LLC

Requested by
https://goo.su/oWpzob
Certificate
IssuerGlobalSign nv-sa
Subject*.top100.ru
Fingerprint67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3
ValidityWed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT

File type
gzip compressed data, from Unix
Size
11 kB (11360 bytes)
Hash
da2836a94f100576ece01450ef9d11b8
b284d49209ec342bbfd01beaade1b24c07227eb8
6c341bd5bb2fd5e2cea696cfb6b4cc94af2fa027b1006bb58f8647aace556f7e

HTTP Headers

GET /top100/3.16.3/usability.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 17:40:07 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EED203282B00669CF03020E3C
etag: W/"c36ada7e993bed0165b7127d977750fa"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:c36ada7e993bed0165b7127d977750fa/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSAzGhscA40K2HvvkKwyKieR8GdlEcYP
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
set-cookie: proto_uid=1CIAAHcJIGasCyKjAQQ3hgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2

st.top100.ru/top100/top100.js

81.19.89.18

200 OK

45 kB

URL GET HTTP/2
st.top100.ru/top100/top100.js
IP
81.19.89.18:443
ASN
#24638 Rambler Internet Holding LLC

Requested by
https://goo.su/oWpzob
Certificate
IssuerGlobalSign nv-sa
Subject*.top100.ru
Fingerprint67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3
ValidityWed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT

File type
gzip compressed data, from Unix
Size
45 kB (44842 bytes)
Hash
aa72ff536327c3b0682d70e77843ac45
cf9f0444348d70a781209eb6b7ad3f8442f84833
033d8f16fdebb391c48c775f1ccb9b5ab35d5f65119c7497a26a2e761c8e38cd

HTTP Headers

GET /top100/top100.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EED22C29CA804439A00EBD464
etag: W/"b98a11c666d493857a7cc44ed3c02bdf"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:b98a11c666d493857a7cc44ed3c02bdf/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS1ix/VhSuThOe8MQyFjSXnZcZtVYrnU
expires: Wed, 17 Apr 2024 18:40:06 GMT
cache-control: max-age=3600
set-cookie: proto_uid=1CIAAHYJIGasCyKjAfw2hgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2

goo.su/oWpzob

172.67.139.105

200 OK

21 kB

URL User Request GET HTTP/2
goo.su/oWpzob
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
21 kB (20792 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /oWpzob HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 17:40:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 12:20:05 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 12:20:05 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8AyfkMrgS3fuZTmvBonlgdfYgQ2US9BPrtLtJU7YR%2FiseuFd%2Fy6VACZs9WkrnLbcxYkxfFXcz5oyt5HdNjg9GfXJ4qO%2BEACyyb2uQezvFkGIJZf7hOOjxWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e32c06c7341c8-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5

172.67.139.105

200 OK

88 kB

URL GET HTTP/3
goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type

Size
88 kB (87784 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/oWpzob
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: application/javascript
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=87787
etag: W/"65896ec2-156eb"
expires: Wed, 17 Apr 2024 18:01:34 GMT
last-modified: Mon, 25 Dec 2023 12:00:02 GMT
cf-cache-status: HIT
age: 603512
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H78mK5hrXwLP9aa72qatmYMSG0lM%2FT%2F4sSPVZMzjakdaetUzzHR%2B%2F3dCuKcKURQSXRBmq0lLPm1OnzJXq7Kis%2B88thoF4t8Ir1nlSC7QRKZtbD83zGGaxec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e32c22ab941bc-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400

goo.su/img/favicons/apple-touch-icon.png

172.67.139.105

200 OK

11 kB

URL GET HTTP/3
goo.su/img/favicons/apple-touch-icon.png
IP
172.67.139.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
FingerprintDE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60
ValidityMon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
11 kB (10926 bytes)
Hash
dc1648f034a8879145ce2db071bdc305
28dfdc4f3f97f00e54528685427a83974cb04a81
7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/oWpzob
Cookie: XSRF-TOKEN=eyJpdiI6Iml2bkRMVnY2OFd2eTg1KzUyRHdmRlE9PSIsInZhbHVlIjoibksvZGRuZk83U3VxTUhNVDhPRTl5T2d2M1hNdk5xVnFZdmQ3YlMzWHlYWFdIaXYvTGZhSENtRGVlRzZldjdPS1lZUkU1UHl0UFNWUFhtbnJUME1zNktNb0JMTWgxeW93dkhpNnZTN2FGU1NVTkxsbkltbDdoMWNhWXdjd1ArdkoiLCJtYWMiOiIyZTY4NmQ4MmZjNmUzZDNmYzY1ZGNhMGEyMGUwYzhkNjVkZTMzN2ViZjM0MjkxZTFlYmQ4OTJiMzkzNmRkMTAzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImJKQ0orS214Z2Q5aktuTXZNeW0xK3c9PSIsInZhbHVlIjoieFdscllaTFg3OW1FR1lxTExONXBnbTRXa0kzUmdPZ0VtY3E5NzZNeGw1NXN1UWloMzZKUWpweHBHUlo0aHJQemJjaVBNRHNORUlFVGwvZ3ZkckloS0p4U01hc01IaHZKb0M4ZmQ2SWpqR1NFMG5PL1BSVzI4UzFlOHJZU2t6UmEiLCJtYWMiOiIyNzM1YTI0MzFjMjAwZGNmZGJjMTE1YzQxYzU5MTRiZDFmM2Q4NWUyZDE4YjVlNGU5MmIyYmYyODE2NGRmYzY4IiwidGFnIjoiIn0%3D; cf_clearance=So9OX8jOKynRI7FWd_Gj8JUxFnxL6u4.XrV6RUenuvc-1713375606-1.0.1.1-FPTvZ7oJQxGiWOh1bi5muh8Z3Uh_2RCdRs1iZhRYszazFmaneZ9C0ZdeQwa7PQqEqWVOhxfCPFs9A1T5V2ldcA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: image/png
content-length: 10926
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-2aae"
expires: Wed, 17 Apr 2024 19:26:05 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 598441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3yCfh%2FWIDkntrzvY1h71CNrUGpINb%2Fih82iAf46sEkT9CZi4rDm2ITw0gE30kew1sry3tMCXp%2BHGUINL%2BQF0xSubPm%2BDM6Y%2FEz0BXRRuoGhjxIe4YIFceI4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e32c5bee541bc-AMS
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Roboto:400&display=swap

142.250.74.106

200 OK

2.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goo.su/oWpzob
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (2379), with no line terminators
Size
2.3 kB (2316 bytes)
Hash
03278c047a3192f4a25c4644284d910b
61fc733be8553b3e6d9847d43b4bef84b5ae947d
d5e8a5e5b7bfea2764abadded25ab112a034543a2315c942bb9fd3cbe7ece8fb

HTTP Headers

GET /css?family=Roboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 17:40:06 GMT
date: Wed, 17 Apr 2024 17:40:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33

109.200.199.110

200 OK

97 kB

URL GET HTTP/2
richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33
IP
109.200.199.110:443
ASN
#49544 i3D.net B.V

Requested by
https://goo.su/oWpzob
Certificate
IssuerLet's Encrypt
Subjectrichinfo.co
Fingerprint25:29:37:EE:41:C6:34:D2:D5:4C:10:A7:3F:D7:C5:E4:2E:7D:3B:2D
ValidityMon, 25 Mar 2024 13:05:17 GMT - Sun, 23 Jun 2024 13:05:16 GMT

File type

Size
97 kB (96639 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
Host: richinfo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 17:40:06 GMT
content-type: application/x-javascript
x-amz-id-2: N8tWu6cnBNILDlJEtwOYfX8Cy0eCt2IctBrkyxJAFO+UpoLU7QVPPJkHJSNOthZJU40xVXkr01g=
x-amz-request-id: CA3EZVPJBXVF0PX9
last-modified: Wed, 10 Apr 2024 13:16:50 GMT
etag: W/"48e0c66e13f063ffe401a275add23665"
x-amz-server-side-encryption: AES256
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by