Report - kurl.ru/HVMVk

Report Overview

Visited public
2023-12-02 22:12:47
Tags
URL
kurl.ru/HVMVk
Finishing URL
goo.su/o9CDejf
IP / ASN
45.130.41.96
#198610 Beget LLC
Title
Redirecting...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
richinfo.co	285236	2019-06-20	2019-06-26 15:58:03	2023-12-02 20:00:14	459 B	71 kB	5.200.15.239
kurl.ru	unknown	2022-07-22	2020-08-26 21:20:16	2023-11-21 07:47:11	479 B	497 B	45.130.41.96
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-02 07:17:09	899 B	24 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-02 07:24:06	1.1 kB	36 kB	216.58.207.227
enduresopens.com	unknown	2023-08-31	2023-08-31 14:06:40	2023-11-30 22:55:36	411 B	1.5 kB	172.255.6.166
rtb.pushdom.co	244282	2018-12-28	2019-01-08 20:36:00	2023-11-30 21:04:18	521 B	158 B	109.200.209.144
goo.su	377451	2019-06-14	2017-05-12 21:35:59	2023-12-01 13:03:18	8.1 kB	155 kB	172.67.139.105
st.top100.ru	27374	1999-09-30	2014-03-27 17:20:51	2023-12-02 16:11:31	827 B	130 kB	81.19.89.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-02 22:12:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-12-02 22:12:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-12-02 22:12:35	low	Client IP	Internal IP	ET INFO Observed URL Shortener Service Domain in DNS Lookup (goo .su)
2023-12-02 22:12:35	low	Client IP	Internal IP	ET INFO Observed URL Shortener Service Domain in DNS Lookup (goo .su)
2023-12-02 22:12:35	low	Client IP	172.67.139.105	ET INFO Observed URL Shortener Service Domain (goo .su in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	goo.su/o9CDejf	ScriptElement	586 B	2023-03-07	2025-01-27
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04 Last Seen2025-01-27 13:24 Times Seen55 Hash 2b380b3e889f216df5c1a02cc5b137f9 f634ca3decc0ae35c3ecc085109423d471fadbb2 516a69de48e4087bf540894064ddcc49d1985f4799ab583fb1a12003af517821 Loading...

	unknown	ScriptElement	247 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:01 Last Seen2024-08-20 17:01 Times Seen1 Hash e8a7485872c862d79a4df76c62b40cb4 f2897f9d2f25cfa8cdb66c8692a7d9816b6f6a2f 3b0bd492d70dfc8294c6c1d2c0724dd73885c28b5dfd0e1de6e5ada62c4150c1 Loading...

	st.top100.ru/top100/top100.js	ScriptElement	114 kB	2023-11-23	2024-08-20
Pretty URL st.top100.ru/top100/top100.js IP 81.19.89.16 ASN #24638 Rambler Internet Holding LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 17:52 Last Seen2024-08-20 18:08 Times Seen57 Hash 41c3677568a4c937e2c12b14c97d5403 717e6988b588fcc21a21e54fc5681ec686c15c19 52042fa86553029692e962a7f139b2073d16496916a5248e5c1abda1f2c977a7 Loading...

	goo.su/o9CDejf	ScriptElement	586 B	2023-03-07	2025-01-27
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04 Last Seen2025-01-27 13:24 Times Seen55 Hash e843b00692de2f72a9b77637c18329df 849c7da6b5c326356438106ed917adaa8806c6a6 816fdf433e4de91232f983788ac259925547207a34f59fcc35b9a719b4c8fc07 Loading...

	richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33	ScriptElement	71 kB	2023-08-18	2024-08-21
Pretty URL richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 IP 5.200.15.239 ASN #49544 i3D.net B.V Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-18 17:52 Last Seen2024-08-21 08:26 Times Seen254 Hash 482657d8dc8d45dca5dbd78e2e988097 4d2eae324d0dd95de1c8d7a2c2d5a0f9d46eabf6 95bfb0165ee20b9404f599edcb7f7fee4bfedc1df340dfdce225ad35f3506ff7 Loading...

	enduresopens.com/ttkXIvunodY/69489	ScriptElement	5 B	2023-03-07	2025-05-09
Pretty URL enduresopens.com/ttkXIvunodY/69489 IP 172.255.6.166 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-09 08:24 Times Seen5994 Hash f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a Loading...

	st.top100.ru/top100/3.13.44/usability.js	ScriptElement	15 kB	2023-11-20	2023-12-05
Pretty URL st.top100.ru/top100/3.13.44/usability.js IP 81.19.89.16 ASN #24638 Rambler Internet Holding LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 15:41 Last Seen2023-12-05 17:39 Times Seen67 Hash 5631c815de35a6f6b448b0abbb1dd60c 9f35207e42f536afca4fe47eb4833ad3d4d370a8 022038891c775d0e6639f4cafd1607c96ec9fb39eccfd0b8d7d411af03767a33 Loading...

	goo.su/o9CDejf	ScriptElement	1.1 kB	2024-08-20	2024-08-20
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:01 Last Seen2024-08-20 17:01 Times Seen1 Hash 5df4a4e90fdcf23c3763a66bf83df882 39c849a3579447f3fc9da3076eadd96035bfe499 ce6bf9bc9d39a445885b7631d23800d69f4987b9940830d385ddd51231fc3998 Loading...

	unknown	Function	79 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-09 09:18 Times Seen112368 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.4 kB	2023-12-02	2023-12-02
Pretty URL goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 22:54 Last Seen2023-12-02 23:12 Times Seen2 Hash 618aa7eb2c1029b30c0d1284007f0284 f11b64bb59d91e25845a4660b728bf3cccc4b654 6b539c5844794b1e4af3929b8e8642293ee0b2519e114915eff46ddacc79df82 Loading...

	goo.su/o9CDejf	ScriptElement	622 B	2023-03-07	2025-04-28
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04 Last Seen2025-04-28 02:53 Times Seen66 Hash 6a129b9966ad9370833e0bdb6056c91b eca2659bb27e32e86e02dc3c70b6528d08617d63 12b337f70504184e85b32753b25ae4870675033a4b862d256a10b709ac5d769b Loading...

	goo.su/o9CDejf	ScriptElement	514 B	2023-03-07	2025-04-28
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04 Last Seen2025-04-28 02:53 Times Seen66 Hash db473c0638ca9295f4850801c7a35db2 b7db18f7bc30c96199489c29505fa72c2b1d6338 88a3c541e64d9ddafd066f9d4747a6088cf8255e8c1552b2e8b782e59cd12ee5 Loading...

	goo.su/o9CDejf	ScriptElement	861 B	2023-03-07	2025-04-28
Pretty URL goo.su/o9CDejf IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:04 Last Seen2025-04-28 02:53 Times Seen66 Hash 10a3a6c66b892d8538eec3608bca22e2 b226797b6cc2481382d7b760b5af97a9a7173689 269f0da0a1250e47ea814800ea6727502fbf6cba510026e23963122b29232035 Loading...

	goo.su/frontend/js/redirect.js?id=0206716eb65eec68ba60	ScriptElement	91 kB	2023-03-07	2024-08-21
Pretty URL goo.su/frontend/js/redirect.js?id=0206716eb65eec68ba60 IP 172.67.139.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04 Last Seen2024-08-21 09:42 Times Seen29 Hash 5133d0220333bcdfae34ba770e7c9b42 9a351d7b7ac64a836f602816548c86a249299003 2c84d9ab5b2dd5c770675c7c9e9219710fdd23745fbaf02a07e8c90ef078d38e Loading...

	unknown	Function	37 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-09 09:18 Times Seen263330 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

		Size	First Seen	Last Seen
	#1 Write - f03d395da0b2c2e8e092b67c951f52e7	239 B	2024-08-20 17:01	2024-08-20 17:01
Pretty Observations First Seen2024-08-20 17:01 Last Seen2024-08-20 17:01 Times Seen1 Hash f03d395da0b2c2e8e092b67c951f52e7 4e27e5c5f4d1fa13f37a2e1768a870a67b670b80 cc5f49a37f3a7a2b0608cb8a592bc2c5170d3cda1e01bf168b699a25cbc66a24 Loading...

HTTP Transactions (17)

	URL	IP	Response	Size
	kurl.ru/HVMVk	45.130.41.96	301 Moved Permanently	0 B
URL User Request GET HTTP/2 kurl.ru/HVMVk IP 45.130.41.96:443 ASN #198610 Beget LLC Certificate IssuerLet's Encrypt Subjectkurl.ru FingerprintD0:8D:26:3E:B8:EA:32:E3:7B:4E:53:FA:BD:0A:C4:57:40:88:E5:D3 ValidityTue, 10 Oct 2023 08:33:23 GMT - Mon, 08 Jan 2024 08:33:22 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /HVMVk HTTP/1.1 Host: kurl.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 301 Moved Permanently server: nginx-reuseport/1.21.1 date: Sat, 02 Dec 2023 22:12:30 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-powered-by: PHP/7.4.33 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: PHPSESSID=c23dfaf50bbe5026f8815bd695ac01ea; path=/ short_258481=1; expires=Sat, 02-Dec-2023 22:27:30 GMT; Max-Age=900; path=/; HttpOnly location: https://goo.su/o9CDejf X-Firefox-Spdy: h2`

	fonts.googleapis.com/css?family=Roboto:400&display=swap	142.250.74.106	200 OK	19 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42 ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type gzip compressed data, max compression\012- data Size 19 kB (19221 bytes) Hash 9dc716177b034b628abcde28d18dc2dd 1d165d5388f6a4306f152382469cd235357a43a2 b90cbcaab277c0533a2171de299146b98afca9a28945fe62e4646fde8e3cf63e HTTP Headers `GET /css?family=Roboto:400&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Sat, 02 Dec 2023 22:12:31 GMT date: Sat, 02 Dec 2023 22:12:31 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2	216.58.207.227	200 OK	16 kB
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data Size 16 kB (15744 bytes) Hash 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 HTTP Headers GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://goo.su DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 15744 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 04:57:34 GMT expires: Fri, 29 Nov 2024 04:57:34 GMT cache-control: public, max-age=31536000 age: 234897 last-modified: Wed, 11 May 2022 19:24:48 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	enduresopens.com/ttkXIvunodY/69489	172.255.6.166	200 OK	25 B
URL GET HTTP/1.1 enduresopens.com/ttkXIvunodY/69489 IP 172.255.6.166:443 ASN #7979 SERVERS-COM Requested by https://goo.su/o9CDejf Certificate IssuerLet's Encrypt Subjectenduresopens.com FingerprintB6:C5:5B:70:B5:C3:9D:34:75:17:50:9E:4E:CE:9A:FB:8A:87:E2:E4 ValidityWed, 08 Nov 2023 23:08:29 GMT - Tue, 06 Feb 2024 23:08:28 GMT File type ASCII text, with no line terminators Size 25 B (25 bytes) Hash f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a HTTP Headers `GET /ttkXIvunodY/69489 HTTP/1.1 Host: enduresopens.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: nginx Date: Sat, 02 Dec 2023 22:12:31 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20 Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://goo.su Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires Access-Control-Max-Age: 600 Access-Control-Allow-Methods: GET, POST, OPTIONS X-Frame-Options: SAMEORIGIN Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Sun, 03-Dec-2023 22:12:31 GMT; Max-Age=86400; path=/; secure; SameSite=None GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sun, 03-Dec-2023 22:12:31 GMT; Max-Age=86400; path=/; secure; SameSite=None Content-Encoding: gzip Vary: Accept-Encoding Strict-Transport-Security: max-age=1 X-Content-Type-Options: nosniff

	rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st	109.200.209.144	200 OK	0 B
URL GET HTTP/2 rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st IP 109.200.209.144:443 ASN #49544 i3D.net B.V Requested by https://goo.su/o9CDejf Certificate IssuerLet's Encrypt Subjectrtb.pushdom.co Fingerprint24:5E:C5:CD:AF:AA:7D:3F:BA:DD:C0:63:32:DB:F1:38:20:5F:70:88 ValidityWed, 04 Oct 2023 13:08:31 GMT - Tue, 02 Jan 2024 13:08:30 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1 Host: rtb.pushdom.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: openresty/1.21.4.1 date: Sat, 02 Dec 2023 22:12:31 GMT content-type: text/html;charset=UTF-8 content-length: 0 X-Firefox-Spdy: h2`

	goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/82f6e96aadd70b06	172.67.139.105	200 OK	11 kB
URL POST HTTP/3 goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/82f6e96aadd70b06 IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type data Size 11 kB (10927 bytes) Hash 6dafffaa426a13dcb031c4134816a801 a98e52ba8407074583b5fa74f04cb35d5b6b6168 273b35c4706b713f303b9ed42eb667b6800e715e245d34b865176107705dc766 HTTP Headers POST /cdn-cgi/challenge-platform/h/b/jsd/r/82f6e96aadd70b06 HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Content-Length: 12166 Origin: https://goo.su DNT: 1 Connection: keep-alive Referer: https://goo.su/o9CDejf Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 02 Dec 2023 22:12:31 GMT content-type: text/plain; charset=UTF-8 set-cookie: cf_clearance=Ai0KBXvALKpEcyIKnNpdbHvY2hQAi6GrjPXWikcfG5s-1701555151-0-1-730ca2d2.73a07051.5b213570-0.2.1701555151; path=/; expires=Sun, 01-Dec-24 22:12:31 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKOeGsoZm3Z%2FvOIbvCdBk7Z4kBykj8UmV2UosHG8ki9ylU7XC0bCwh2xBU82OgIJPF4W3vSzAZsPX7GY5GehU0WgoR%2B8pLJyFk1YXLUGbQlp89H%2B0LvVYS4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 82f6e9720eb50afe-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	goo.su/img/favicons/favicon-16x16.png	172.67.139.105	200 OK	1.6 kB
URL GET HTTP/3 goo.su/img/favicons/favicon-16x16.png IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Size 1.6 kB (1567 bytes) Hash 2b201347b6d90e0ad2bbad3be209db73 ae5de3e7f779cf33aefd5dc738f2126633bb7824 df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852 HTTP Headers GET /img/favicons/favicon-16x16.png HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/o9CDejf Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D; cf_clearance=Ai0KBXvALKpEcyIKnNpdbHvY2hQAi6GrjPXWikcfG5s-1701555151-0-1-730ca2d2.73a07051.5b213570-0.2.1701555151; adtech_uid=c5ba3021-0cca-4c01-8a33-1385072522d3%3Agoo.su; top100_id=t1.6673155.1654267306.1701555156912; t3_sid_6673155=s1.1928373602.1701555156914.1701555156914.1.1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 02 Dec 2023 22:12:31 GMT content-type: image/png content-length: 1567 last-modified: Sun, 13 Feb 2022 17:51:43 GMT etag: "6209452f-61f" expires: Tue, 05 Dec 2023 08:21:25 GMT cache-control: max-age=604800 cf-cache-status: HIT age: 395466 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIbLb4M7M3RKNjDWmXpba0HVI3rYpeM3Afr6RDsIwTSN5wiWtx6s94tYbJR7QOV96kJFt96RfhqH9L53hncPeBNYkdM9EYaVfDHltmqptkq8fXeMLI5ReUQ%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82f6e973af980afe-OSL alt-svc: h3=":443"; ma=86400

	fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2	216.58.207.227	200 OK	19 kB
URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type Web Open Font Format (Version 2), TrueType, length 18664, version 1.0\012- data Size 19 kB (18664 bytes) Hash 8d1c44b2bf75a4e6f1bd141f9a965f4f 1e5dfdb7ca5ee8e823f9f5787f84b18fbdc38434 441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709 HTTP Headers GET /s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://goo.su DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 18664 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 23:21:50 GMT expires: Fri, 29 Nov 2024 23:21:50 GMT cache-control: public, max-age=31536000 age: 168641 last-modified: Thu, 14 Sep 2023 01:36:18 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	st.top100.ru/top100/top100.js	81.19.89.16	200 OK	114 kB
URL GET HTTP/2 st.top100.ru/top100/top100.js IP 81.19.89.16:443 ASN #24638 Rambler Internet Holding LLC Requested by https://goo.su/o9CDejf Certificate IssuerGlobalSign nv-sa Subject.top100.ru Fingerprint69:AD:E6:85:0B:3A:87:2C:3B:C1:7E:CB:EF:53:D7:2E:12:F3:76:6B ValidityWed, 08 Feb 2023 07:55:45 GMT - Mon, 11 Mar 2024 07:55:44 GMT File type Size 114 kB (114426 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /top100/top100.js HTTP/1.1 Host: st.top100.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx date: Sat, 02 Dec 2023 22:12:31 GMT content-type: application/javascript vary: Accept-Encoding last-modified: Thu, 23 Nov 2023 11:30:43 GMT x-rgw-object-type: Normal etag: W/"41c3677568a4c937e2c12b14c97d5403" x-amz-request-id: tx00000000000000357428d-00656ba9ca-f7b1f19-default expires: Sat, 02 Dec 2023 23:12:31 GMT cache-control: max-age=3600 set-cookie: proto_uid=1CIAAM+ra2XBc0qzAY1yewB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" content-encoding: gzip X-Firefox-Spdy: h2

	goo.su/frontend/js/redirect.js?id=0206716eb65eec68ba60	172.67.139.105	200 OK	91 kB
URL GET HTTP/3 goo.su/frontend/js/redirect.js?id=0206716eb65eec68ba60 IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type Size 91 kB (90590 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /frontend/js/redirect.js?id=0206716eb65eec68ba60 HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/o9CDejf Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 02 Dec 2023 22:12:31 GMT content-type: application/javascript cache-control: max-age=604800 cf-bgj: minify cf-polished: origSize=90593 etag: W/"620befd7-161e1" expires: Sat, 09 Dec 2023 05:00:37 GMT last-modified: Tue, 15 Feb 2022 18:24:23 GMT cf-cache-status: HIT age: 61914 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgGNtCddoU3rPOm94Xyt7cdGZBTiuR7LOzq3HZmmQHH88D6oDgtb%2B2kwoC7PIfuTLXfEz%2BY3KzcfwPAVNj84CSoipo3Gg3aldArSsxh54%2F8Yij7ufFSix5A%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82f6e96ecc6c0afe-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	goo.su/img/favicons/apple-touch-icon.png	172.67.139.105	200 OK	11 kB
URL GET HTTP/3 goo.su/img/favicons/apple-touch-icon.png IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data Size 11 kB (10926 bytes) Hash dc1648f034a8879145ce2db071bdc305 28dfdc4f3f97f00e54528685427a83974cb04a81 7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7 HTTP Headers GET /img/favicons/apple-touch-icon.png HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/o9CDejf Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D; cf_clearance=Ai0KBXvALKpEcyIKnNpdbHvY2hQAi6GrjPXWikcfG5s-1701555151-0-1-730ca2d2.73a07051.5b213570-0.2.1701555151; adtech_uid=c5ba3021-0cca-4c01-8a33-1385072522d3%3Agoo.su; top100_id=t1.6673155.1654267306.1701555156912; t3_sid_6673155=s1.1928373602.1701555156914.1701555156914.1.1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 02 Dec 2023 22:12:31 GMT content-type: image/png content-length: 10926 last-modified: Sun, 13 Feb 2022 17:51:43 GMT etag: "6209452f-2aae" expires: Fri, 08 Dec 2023 07:34:06 GMT cache-control: max-age=604800 cf-cache-status: HIT age: 139105 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqRRITzoyveHkaybWmq%2BQdC5lbQzVggVXTYdDPO2oYNmVn9RByICcoBfjEoYbYcI0K6N3D%2FSLNA660ZqU0EFfKfvH6gxZ3Bhjga1lO4ih7xzvCuEz%2F0NalI%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82f6e973af970afe-OSL alt-svc: h3=":443"; ma=86400

	goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js	172.67.139.105	200 OK	7.4 kB
URL GET HTTP/3 goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type ASCII text, with very long lines (7382), with no line terminators Size 7.4 kB (7382 bytes) Hash 618aa7eb2c1029b30c0d1284007f0284 f11b64bb59d91e25845a4660b728bf3cccc4b654 6b539c5844794b1e4af3929b8e8642293ee0b2519e114915eff46ddacc79df82 HTTP Headers GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 02 Dec 2023 22:12:31 GMT content-type: application/javascript; charset=UTF-8 x-content-type-options: nosniff vary: accept-encoding cache-control: max-age=14400, public report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=outOrRfRxWJmt8PCqu2ayR%2FaY0H%2FcXSSMdMUPaMTUFNj0LaFlX%2FOX4JKFSmyahancnsQwQzqQZs29W86xvpOP6PI%2FDh3d5rV2O7a%2BHAjfFt2w6GvJ2TQp7I%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 82f6e970edf80afe-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	st.top100.ru/top100/3.13.44/usability.js	81.19.89.16	200 OK	15 kB
URL GET HTTP/2 st.top100.ru/top100/3.13.44/usability.js IP 81.19.89.16:443 ASN #24638 Rambler Internet Holding LLC Requested by https://goo.su/o9CDejf Certificate IssuerGlobalSign nv-sa Subject.top100.ru Fingerprint69:AD:E6:85:0B:3A:87:2C:3B:C1:7E:CB:EF:53:D7:2E:12:F3:76:6B ValidityWed, 08 Feb 2023 07:55:45 GMT - Mon, 11 Mar 2024 07:55:44 GMT File type ASCII text, with very long lines (14628), with no line terminators Size 15 kB (14628 bytes) Hash 5631c815de35a6f6b448b0abbb1dd60c 9f35207e42f536afca4fe47eb4833ad3d4d370a8 022038891c775d0e6639f4cafd1607c96ec9fb39eccfd0b8d7d411af03767a33 HTTP Headers `GET /top100/3.13.44/usability.js HTTP/1.1 Host: st.top100.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx date: Sat, 02 Dec 2023 22:12:31 GMT content-type: application/javascript vary: Accept-Encoding last-modified: Thu, 23 Nov 2023 11:30:43 GMT x-rgw-object-type: Normal etag: W/"5631c815de35a6f6b448b0abbb1dd60c" x-amz-request-id: tx000000000000003574282-00656ba9ca-f7b1f19-default expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000 set-cookie: proto_uid=1CIAAM+ra2XBc0qzAZxyewB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" content-encoding: gzip X-Firefox-Spdy: h2

	richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33	5.200.15.239	200 OK	71 kB
URL GET HTTP/2 richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 IP 5.200.15.239:443 ASN #49544 i3D.net B.V Requested by https://goo.su/o9CDejf Certificate IssuerLet's Encrypt Subjectrichinfo.co FingerprintDC:D3:66:CE:54:D0:16:6E:8F:14:83:03:42:F9:BA:DB:D3:17:99:55 ValiditySat, 25 Nov 2023 15:24:58 GMT - Fri, 23 Feb 2024 15:24:57 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 71 kB (70686 bytes) Hash 482657d8dc8d45dca5dbd78e2e988097 4d2eae324d0dd95de1c8d7a2c2d5a0f9d46eabf6 95bfb0165ee20b9404f599edcb7f7fee4bfedc1df340dfdce225ad35f3506ff7 HTTP Headers `GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1 Host: richinfo.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: openresty/1.21.4.1 date: Sat, 02 Dec 2023 22:12:31 GMT content-type: application/x-javascript x-amz-id-2: gSK/NrSqUfiH0IDn9yKjIzqq7NctJm8mccpEdWmg0cWJBImLnouMcX/1O0dMT8/lAvNfeyYGHDA= x-amz-request-id: 7WHFX3GE16VF6H3T last-modified: Mon, 27 Nov 2023 12:20:56 GMT etag: W/"482657d8dc8d45dca5dbd78e2e988097" x-amz-server-side-encryption: AES256 content-encoding: gzip X-Firefox-Spdy: h2`

	goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js	172.67.139.105	302 Found	7.4 kB
URL GET HTTP/3 goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type Size 7.4 kB (7382 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 302 Found date: Sat, 02 Dec 2023 22:12:31 GMT cache-control: max-age=300, public vary: accept-encoding access-control-allow-origin: * location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPHWgTq0EMNfoCfKDsnIEid1DFLCaiQkIqeG3NGh6gZ58wi%2BWAqKh9pO1h1Vk%2Bf6qTG5vZVSsvMymofzG79lsgwTTUusNfSa0mjdON8VVRfYqgKtEghTJt8%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 82f6e970cddf0afe-OSL alt-svc: h3=":443"; ma=86400

	goo.su/o9CDejf	172.67.139.105	200 OK	21 kB
URL User Request GET HTTP/2 goo.su/o9CDejf IP 172.67.139.105:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectgoo.su FingerprintC7:43:5F:AB:2E:5B:9D:DF:91:5A:64:48:54:CA:F4:CD:DF:39:92:A6 ValidityFri, 06 Oct 2023 22:31:19 GMT - Thu, 04 Jan 2024 22:31:18 GMT File type Size 21 kB (20685 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /o9CDejf HTTP/1.1 Host: goo.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 02 Dec 2023 22:12:30 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding x-powered-by: PHP/8.0.15 cache-control: private, must-revalidate pragma: no-cache expires: -1 set-cookie: XSRF-TOKEN=eyJpdiI6IjJJYXIzZXlVNWR0alZhNCsyNmtQcGc9PSIsInZhbHVlIjoiQ3hPRkxGOUxGbVdudU5RbG9kU1NJanN0OERHV0VGZmJhQU5nM0JPNUd1YThJWFdIbFlBbnloMTdtSGRrTTIzQitPT3hMZ29YL1E4TWMrOGRtQWgrczBKZU1IbkFrOXNXTW9na01YK0diSFNiS28wUHE4NHd2NzdEV3RsdVNjQXUiLCJtYWMiOiJiYWUyOTM0ZDQxMzkwYzljYjc4ZWVmNzNjYTcwM2ZmMGYzODIyNzk3ZTNlM2Q1ZWJmZTQyMDcwMjI4Y2YyODQxIiwidGFnIjoiIn0%3D; expires=Sun, 03-Dec-2023 16:52:30 GMT; Max-Age=67200; path=/; samesite=lax goosu_session=eyJpdiI6InNhbktCQ3Qxa2ZpYUltMFFHSTY3ZGc9PSIsInZhbHVlIjoiZnlxakx4MitjeWp6Y2ZlbE0zREI5ZERTVkd4UEMyM0Vad0JtTnI2N1ByTkxXMjBocExsU0Z4R21SVWM3dWphaWRXUnNad0tSYUpydmY0TEYvQ1BzRlhqczEvSkJVeENoYUg0ZUQyaStkK0xpT0xJa0VQZk16N3JvVmcyV0tHdnkiLCJtYWMiOiI2MzhlODZhMjk3ZGNkNGY5NmEwZWQ1ZjQ4NTg2MjM5NDUwYzg1Y2Q3OWU4YjQxMjY3MTc2ZTVhMDBlZjA0ZDQzIiwidGFnIjoiIn0%3D; expires=Sun, 03-Dec-2023 16:52:30 GMT; Max-Age=67200; path=/; httponly; samesite=lax cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYv%2B6T9OhZ4ci16i6pNGIlxAVHRyC1TgPXFEueQbnanfdlwI9ydY1vbfFNNGDBR2GCXLMtlcHLZ1Y6ypX9iT66XNeV9d%2Bm3WS8AWXv1Kx2CR7Q3mrGFO2Do%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 82f6e96aadd70b06-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=Open%20Sans:400&display=swap	142.250.74.106	200 OK	3.1 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Open%20Sans:400&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://goo.su/o9CDejf Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42 ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type ASCII text, with very long lines (3151), with no line terminators Size 3.1 kB (3071 bytes) Hash 4fc21aadfc58ee9c99b3b02d3eba6a4b e1c98a88dd2b002efa414c06be2e3e7942e9c657 5db8d90fdd4593270cb2cc883cc26cf362fbc86ebab6b8382c0794b0335e9ec3 HTTP Headers `GET /css?family=Open%20Sans:400&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://goo.su/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Sat, 02 Dec 2023 22:12:31 GMT date: Sat, 02 Dec 2023 22:12:31 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN