| | 104.21.38.221 | 301 Moved Permanently | 171 B |
URL: (user request) GET HTTP/1.1 — IP: 104.21.38.221:80
File type: HTML document, ASCII text — Hash (MD5): b4d53c96890ca204f96f30212a8146fd — (SHA-1): af6fbcfc6e858c48e84b19c262b2ed0cbff2f4cf — (SHA-256): e7d83cb9a48d133238f4b0a1d469c20382d2402e070e7f8901774a1cecc9f256
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Apple Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /WgbQkIu HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: goosu_session=eyJpdiI6Ik12KzVZQjcya3ByQ2pXb3cvZi8ySEE9PSIsInZhbHVlIjoiRUJSTDlMZy9hWk5wMFB2cyt5NlZ3VUlscXdTMGlFSmJqUDJnUUNGcnF4b011YzZIM2ZucmkrMkV1aXZ1MW1TMnRmTzQ1OWt2bXdLaHRVV3piWUdaWkx4ejM5Y2U1d2ZQQ0d0ekRmSTRiSWNUMjdXaVAzQWttNjhFL0hicjNPUlYiLCJtYWMiOiJhNDY1MDhiZTA3Nzg3MGE0N2ZmOTJiZTg5Nzc5NjkwYmZiYWE1NWY1NjI2MzZiY2NlMmM3NmM4NDIxOWJkOGY3IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 17 Apr 2024 18:17:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goo.su/WgbQkIu
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=79CRC4hJlqC%2FcwvQEaJIwsdCVMKOUIKZ3qL0lZxt%2Fmv2mewpKCW0s%2BLH1X9gd3CHDyAPOCxEYyEMY5FEtQ9tx%2BVL6QqCACuu%2BnoxEAMgYwYzmKjA3E2XOJM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 875e697d384056c7-OSL
alt-svc: h3=":443"; ma=86400
| www.googletagmanager.com/gtag/js?id=UA-144661405-1 | 142.250.74.168 | 200 OK | 73 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144661405-1 — IP: 142.250.74.168:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179) — Hash (MD5): 236bf9d0c3192ff9514bd31e562d43f5 — (SHA-1): 5517273ce28a5ff42c960846c97da053d8344338 — (SHA-256): 93e9ba322bc2f55adbf90cc1f258404da83d031205055249dffa3ca726d82c98
GET /gtag/js?id=UA-144661405-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 18:17:28 GMT
expires: Wed, 17 Apr 2024 18:17:28 GMT
cache-control: private, max-age=900
last-modified: Wed, 17 Apr 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72909
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.139.105 | 302 Found | 0 B |
URL: GET HTTP/3 goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js — IP: 172.67.139.105:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e — (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 — (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length content, consistent with the 0 B redirect response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlNtTWRLUVhBaCsyZmF2VmdOWUdWMkE9PSIsInZhbHVlIjoidlNWc29wV0ovWUpPT3JGZ2I4R204Q0s1dSt6WTV1VVAzTjA0ZTBhMmRnQ25TQkw5R1RiZm5JY1h5cEd5cTRpbkpnS1hNeG1BdXEwdWRCT2tzRmhkdnVlSXhBUDJ3VFQ1OGhqOENMejl2ak5aemlSMk5zWmk1Q0YrTlcrdGZIa0MiLCJtYWMiOiI0YWI4YzhiNWQyZjY4MjQ3ODRlZmNkMWFlYzc5YjY1NjIyNzAwYzFiMWVjMDUwNDczMjc5NWJlYWE0ZDY2NWNkIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImwrL2lmdzhTcHhVdUFnL1ExOVUwYXc9PSIsInZhbHVlIjoiTEh5VlViRlVaSEZmamVQTGYrb0FscldXZkZoZzVPNVNWMjVaSzJKQjhJQkNrT2lLYzZTbWY3MHc2cSs4TXJMeXQzS3lMemFLYjY4MjZlVkxOMUoyUzJ1QW9qbUdYcjExcHdWeDdZT3hKRVB0V1dOSDVBR0syUzJuY3loR1RTZXciLCJtYWMiOiIzOGU0ZDQ1MjI5MzA5ZWRmNmNlYWIyN2JmOWQ5NmExN2ZiNjA1NGFiMWQxNzE0YmZkNGEyNTk0OTE5MmY3YTJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 18:17:28 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
cache-control: max-age=300, public
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zoEUnQsxOhphnQ3e8Ez2oC77C%2FZEt4bZBtmRn8numRitHs%2Bpzc3uF0OuZIyZT5ZU0OqS2cUwa0WUaCvRzk7m6ZDBGimPqzwNwL6jIbo0dV9gXskHbxb4Lnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e69803ff5b51e-OSL
alt-svc: h3=":443"; ma=86400
| enduresopens.com/ttkXIvunodY/69489 | 23.109.170.125 | 200 OK | 25 B |
URL: GET HTTP/1.1 enduresopens.com/ttkXIvunodY/69489 — IP: 23.109.170.125:443
Certificate — Issuer: Let's Encrypt; Subject: enduresopens.com; Fingerprint: C4:F1:82:55:01:80:DE:E4:BA:76:D0:1C:20:FC:58:30:9D:43:C0:2B; Validity: Mon, 25 Mar 2024 23:51:07 GMT - Sun, 23 Jun 2024 23:51:06 GMT
File type: ASCII text, with no line terminators — Hash (MD5): f7a2939527fd9e68723da600e96d76bd — (SHA-1): a9e717b6364d2895ee0a716050db32ca0ef1bb42 — (SHA-256): d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 18:17:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 18-Apr-2024 18:17:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 18-Apr-2024 18:17:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
| fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 — IP: 142.250.74.163:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16292, version 1.0 — Hash (MD5): ce485a2bdee361bb271bd6d3ce1ee5cd — (SHA-1): 4f9a446275d160cccd6666addee65f849c9c5a50 — (SHA-256): 923963e0a56b84c4438f2359121e855e147a01a78a2591c471179cfc9bf0e784
GET /s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:59:27 GMT
expires: Fri, 11 Apr 2025 02:59:27 GMT
cache-control: public, max-age=31536000
age: 573481
last-modified: Thu, 14 Sep 2023 00:41:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| | 172.67.139.105 | 301 Moved Permanently | 91 kB |
URL: (user request) GET HTTP/1.1 — IP: 172.67.139.105:80
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (1125) — Hash (MD5): a0ccede71b34b3cbe78f3a61cb640538 — (SHA-1): 4903b663a33d4ffdb76ed4d7c2e1c840665f8adc — (SHA-256): d7e157870571d2b2c6fcb708078b658a48e74128d573ccded8820498d6fd12cf
Note: the summary row above reports 301 Moved Permanently, but the captured exchange below ends in HTTP/3 404 Not Found with content-type text/html; the row appears to fold the plain-HTTP request on port 80 together with its HTTPS follow-up, so the status, size and file type in this entry should be read with that caveat.
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Apple Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /WgbQkIu HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImkzN2lqWnlpOW1ZL285eUUySGpvQUE9PSIsInZhbHVlIjoiQ2dwYlkwSHZhOTNRaWlLZzc2b0FLdmkwbXFHNXpXUVNkNm4rNGFrV0draU1nVVMxTTRFbERUb1VDZEdQOFU5bzFTdmdhRWFTakdacDZoTnhqcFhGMmdndVVoMTUyNktjYTloNXBqVE1IeGsxb3lkZW52a1dPMkdwdXkwWitMQWkiLCJtYWMiOiI2YWNjNmZlYmNmMGU4NDhkMjE2YmFlMzVkZDI1MGZmNDRhYjFhZThhNDE4OGVmOGZiMTQxZjc4YmZmMzk2NGEzIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik12KzVZQjcya3ByQ2pXb3cvZi8ySEE9PSIsInZhbHVlIjoiRUJSTDlMZy9hWk5wMFB2cyt5NlZ3VUlscXdTMGlFSmJqUDJnUUNGcnF4b011YzZIM2ZucmkrMkV1aXZ1MW1TMnRmTzQ1OWt2bXdLaHRVV3piWUdaWkx4ejM5Y2U1d2ZQQ0d0ekRmSTRiSWNUMjdXaVAzQWttNjhFL0hicjNPUlYiLCJtYWMiOiJhNDY1MDhiZTA3Nzg3MGE0N2ZmOTJiZTg5Nzc5NjkwYmZiYWE1NWY1NjI2MzZiY2NlMmM3NmM4NDIxOWJkOGY3IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 17 Apr 2024 18:17:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: no-cache, private
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlNtTWRLUVhBaCsyZmF2VmdOWUdWMkE9PSIsInZhbHVlIjoidlNWc29wV0ovWUpPT3JGZ2I4R204Q0s1dSt6WTV1VVAzTjA0ZTBhMmRnQ25TQkw5R1RiZm5JY1h5cEd5cTRpbkpnS1hNeG1BdXEwdWRCT2tzRmhkdnVlSXhBUDJ3VFQ1OGhqOENMejl2ak5aemlSMk5zWmk1Q0YrTlcrdGZIa0MiLCJtYWMiOiI0YWI4YzhiNWQyZjY4MjQ3ODRlZmNkMWFlYzc5YjY1NjIyNzAwYzFiMWVjMDUwNDczMjc5NWJlYWE0ZDY2NWNkIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 12:57:27 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6ImwrL2lmdzhTcHhVdUFnL1ExOVUwYXc9PSIsInZhbHVlIjoiTEh5VlViRlVaSEZmamVQTGYrb0FscldXZkZoZzVPNVNWMjVaSzJKQjhJQkNrT2lLYzZTbWY3MHc2cSs4TXJMeXQzS3lMemFLYjY4MjZlVkxOMUoyUzJ1QW9qbUdYcjExcHdWeDdZT3hKRVB0V1dOSDVBR0syUzJuY3loR1RTZXciLCJtYWMiOiIzOGU0ZDQ1MjI5MzA5ZWRmNmNlYWIyN2JmOWQ5NmExN2ZiNjA1NGFiMWQxNzE0YmZkNGEyNTk0OTE5MmY3YTJhIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 12:57:27 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=24OD0QaHLrRw50S154h621yZAYfDkBRhj9M9q%2F1VRoqI%2FFo9mv3W7cF2%2F53RsBRWD5Hn3W8LQtSO8Dm99wLQWtXbrQTFQdBhz9gN%2B1RaunBbF5MgNr%2BFrX4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e697dab44b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| fonts.googleapis.com/css?family=Nunito | 142.250.74.106 | 200 OK | 993 B |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Nunito — IP: 142.250.74.106:443
Certificate — Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression — Hash (MD5): 07ebf5da775b0a7d26faf8ce797e351e — (SHA-1): 05f597bb0a761923f925f7cc6340efad49e07e69 — (SHA-256): dad634db5fffad1c032cb3ce3ad6070515bea4e11f83a71c8e55db16345a6955
GET /css?family=Nunito HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 18:17:28 GMT
date: Wed, 17 Apr 2024 18:17:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| st.top100.ru/top100/3.16.3/usability.js | 81.19.89.17 | 200 OK | 4.4 kB |
URL: GET HTTP/2 st.top100.ru/top100/3.16.3/usability.js — IP: 81.19.89.17:443 — ASN: #24638 Rambler Internet Holding LLC
Certificate — Issuer: GlobalSign nv-sa; Subject: *.top100.ru; Fingerprint: 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3; Validity: Wed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT
File type: gzip compressed data, from Unix — Hash (MD5): 51f9cc0d5f0e4fd36a861174f1b068e0 — (SHA-1): bacbbf14ac73ae68d081dc80887fd7171f3263ac — (SHA-256): e523f2753e6fd8beed6902b604d0fb57078f52edfa04c3a1524f3d1252783571
GET /top100/3.16.3/usability.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 18:17:28 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EED45D4C7B02646237C906C03
etag: W/"c36ada7e993bed0165b7127d977750fa"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:c36ada7e993bed0165b7127d977750fa/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSlA2MBb+/ge9vH63DWY17FRXycoWCZ8
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
set-cookie: proto_uid=1CIAADgSIGYRb8YqAUjrjwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2
| goo.su/favicon.ico | 172.67.139.105 | 200 OK | 15 kB |
IP: 172.67.139.105:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel — Hash (MD5): d1aabf7d4d55969e61f11c1fd069bab9 — (SHA-1): f023ddc6ac59f9a437f31bc97ac5448235063d31 — (SHA-256): 4286c3fed7075e00cbd2b574690e9878d945e42ba92bac2b3464c1a943c2d3c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/WgbQkIu
Cookie: XSRF-TOKEN=eyJpdiI6IlNtTWRLUVhBaCsyZmF2VmdOWUdWMkE9PSIsInZhbHVlIjoidlNWc29wV0ovWUpPT3JGZ2I4R204Q0s1dSt6WTV1VVAzTjA0ZTBhMmRnQ25TQkw5R1RiZm5JY1h5cEd5cTRpbkpnS1hNeG1BdXEwdWRCT2tzRmhkdnVlSXhBUDJ3VFQ1OGhqOENMejl2ak5aemlSMk5zWmk1Q0YrTlcrdGZIa0MiLCJtYWMiOiI0YWI4YzhiNWQyZjY4MjQ3ODRlZmNkMWFlYzc5YjY1NjIyNzAwYzFiMWVjMDUwNDczMjc5NWJlYWE0ZDY2NWNkIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImwrL2lmdzhTcHhVdUFnL1ExOVUwYXc9PSIsInZhbHVlIjoiTEh5VlViRlVaSEZmamVQTGYrb0FscldXZkZoZzVPNVNWMjVaSzJKQjhJQkNrT2lLYzZTbWY3MHc2cSs4TXJMeXQzS3lMemFLYjY4MjZlVkxOMUoyUzJ1QW9qbUdYcjExcHdWeDdZT3hKRVB0V1dOSDVBR0syUzJuY3loR1RTZXciLCJtYWMiOiIzOGU0ZDQ1MjI5MzA5ZWRmNmNlYWIyN2JmOWQ5NmExN2ZiNjA1NGFiMWQxNzE0YmZkNGEyNTk0OTE5MmY3YTJhIiwidGFnIjoiIn0%3D; cf_clearance=ys03MkID4n4HKkYWF4BJotFDAxWn4kydzF1le5CkSMk-1713377848-1.0.1.1-XoCM84UxPbGlhqVehzAt_5NNh5J0cIBy6vQdurGSbia9306aHJa9R7rM0K1s.ti25VR_F3BRJDHmGjfZ5.H3IQ; _ga_CFRSCHBSP6=GS1.1.1713377848.1.0.1713377848.0.0.0; _ga=GA1.1.1074962111.1713377849
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 18:17:28 GMT
content-type: image/x-icon
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: W/"65885ced-3aee"
expires: Wed, 24 Apr 2024 18:17:28 GMT
cache-control: max-age=604800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SXdvt7ojyNCRhV0iv9RG8SFxeYVcjReVYq98rmfkVjrSxKQvzy%2FvsVEsAfTtzuatC%2FjkhnclrZIaW%2F8nwpJpPfwe8gUXWn7yHkOp%2F7%2BYY%2B8%2BGdE0PR1wmdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e69820ba8b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 172.67.139.105 | 200 OK | 7.9 kB |
URL: GET HTTP/3 goo.su/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js — IP: 172.67.139.105:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
File type: JavaScript source, ASCII text, with very long lines (7854), with no line terminators — Hash (MD5): d10cc70ecad41ab51cdd5c7ee4449981 — (SHA-1): 3a2699bfc85799622b4baea20d30c7b45bf26128 — (SHA-256): 4ef8587fbce2d4f8c5ddfb3f0c53bbf5b1cae2db208989b148400dc530da65ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlNtTWRLUVhBaCsyZmF2VmdOWUdWMkE9PSIsInZhbHVlIjoidlNWc29wV0ovWUpPT3JGZ2I4R204Q0s1dSt6WTV1VVAzTjA0ZTBhMmRnQ25TQkw5R1RiZm5JY1h5cEd5cTRpbkpnS1hNeG1BdXEwdWRCT2tzRmhkdnVlSXhBUDJ3VFQ1OGhqOENMejl2ak5aemlSMk5zWmk1Q0YrTlcrdGZIa0MiLCJtYWMiOiI0YWI4YzhiNWQyZjY4MjQ3ODRlZmNkMWFlYzc5YjY1NjIyNzAwYzFiMWVjMDUwNDczMjc5NWJlYWE0ZDY2NWNkIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImwrL2lmdzhTcHhVdUFnL1ExOVUwYXc9PSIsInZhbHVlIjoiTEh5VlViRlVaSEZmamVQTGYrb0FscldXZkZoZzVPNVNWMjVaSzJKQjhJQkNrT2lLYzZTbWY3MHc2cSs4TXJMeXQzS3lMemFLYjY4MjZlVkxOMUoyUzJ1QW9qbUdYcjExcHdWeDdZT3hKRVB0V1dOSDVBR0syUzJuY3loR1RTZXciLCJtYWMiOiIzOGU0ZDQ1MjI5MzA5ZWRmNmNlYWIyN2JmOWQ5NmExN2ZiNjA1NGFiMWQxNzE0YmZkNGEyNTk0OTE5MmY3YTJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 18:17:28 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ln1nfZ2NM3U18NnJiBzzeXxRZm%2B15vIil%2F02BV%2BRBJdKsD4qVNrCQBzE78GF4dasMSKj8jWcZIhTxeVfBbKhyXgLmxnVNAUGAwcd2lOZ8bHTRKqijWgh2xs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e69807853b51e-OSL
alt-svc: h3=":443"; ma=86400
| www.googletagmanager.com/gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 249 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c — IP: 142.250.74.168:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955) — Size: 249 kB (248749 bytes) — Hash (MD5): ac3dab1a32bfa4907ee91709df58d90a — (SHA-1): b1ffb1cbeb4697ba91108d20d21af07f417210fc — (SHA-256): e53ffbc27ac64151388ef71e22548fc326fa5258302ae050086b1f3bf76b93e2
GET /gtag/js?id=G-CFRSCHBSP6&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 18:17:28 GMT
expires: Wed, 17 Apr 2024 18:17:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88108
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| st.top100.ru/top100/top100.js | 81.19.89.17 | 200 OK | 129 kB |
URL: GET HTTP/2 st.top100.ru/top100/top100.js — IP: 81.19.89.17:443 — ASN: #24638 Rambler Internet Holding LLC
Certificate — Issuer: GlobalSign nv-sa; Subject: *.top100.ru; Fingerprint: 67:1D:AC:E1:B4:A0:6A:53:F1:28:8C:9E:68:9F:77:67:A2:55:01:F3; Validity: Wed, 14 Feb 2024 08:25:42 GMT - Mon, 17 Mar 2025 08:25:41 GMT
Size: 129 kB (128948 bytes) — Hash (MD5): d41d8cd98f00b204e9800998ecf8427e — (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 — (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — note: these three values are the digests of zero-length input, which does not match the reported 129 kB size; the body was probably not captured or not hashed, so these digests should not be used to identify this script.
GET /top100/top100.js HTTP/1.1
Host: st.top100.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 18:17:28 GMT
content-type: application/javascript
vary: Accept-Encoding
x-obs-request-id: 0000018EED440574A8047DA63A8EC3FF
etag: W/"b98a11c666d493857a7cc44ed3c02bdf"
last-modified: Thu, 11 Apr 2024 09:09:15 GMT
x-obs-meta-s3cmd-attrs: atime:1712825941/ctime:1712825934/gid:0/gname:root/md5:b98a11c666d493857a7cc44ed3c02bdf/mode:33188/mtime:1712825931/uid:0/uname:root
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCTUW+Cn+FT2SvyaaNEJLFFFKEHzFtSuM
expires: Wed, 17 Apr 2024 19:17:28 GMT
cache-control: max-age=3600
set-cookie: proto_uid=1CIAADgSIGYRb8YqAR/rjwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-encoding: gzip
X-Firefox-Spdy: h2
| goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875e697dab44b51e | 172.67.139.105 | 200 OK | 0 B |
URL: POST HTTP/3 goo.su/cdn-cgi/challenge-platform/h/g/jsd/r/875e697dab44b51e — IP: 172.67.139.105:443
Certificate — Issuer: Google Trust Services LLC; Subject: goo.su; Fingerprint: DE:C6:4D:AF:DC:06:3A:ED:C6:AF:B6:FD:D7:3A:E7:C4:A6:AB:A2:60; Validity: Mon, 01 Apr 2024 06:02:27 GMT - Sun, 30 Jun 2024 06:02:26 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e — (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 — (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length content, consistent with the 0 B response body; the 12136-byte POST request body is not hashed here)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/jsd/r/875e697dab44b51e HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12136
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/WgbQkIu
Cookie: XSRF-TOKEN=eyJpdiI6IlNtTWRLUVhBaCsyZmF2VmdOWUdWMkE9PSIsInZhbHVlIjoidlNWc29wV0ovWUpPT3JGZ2I4R204Q0s1dSt6WTV1VVAzTjA0ZTBhMmRnQ25TQkw5R1RiZm5JY1h5cEd5cTRpbkpnS1hNeG1BdXEwdWRCT2tzRmhkdnVlSXhBUDJ3VFQ1OGhqOENMejl2ak5aemlSMk5zWmk1Q0YrTlcrdGZIa0MiLCJtYWMiOiI0YWI4YzhiNWQyZjY4MjQ3ODRlZmNkMWFlYzc5YjY1NjIyNzAwYzFiMWVjMDUwNDczMjc5NWJlYWE0ZDY2NWNkIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6ImwrL2lmdzhTcHhVdUFnL1ExOVUwYXc9PSIsInZhbHVlIjoiTEh5VlViRlVaSEZmamVQTGYrb0FscldXZkZoZzVPNVNWMjVaSzJKQjhJQkNrT2lLYzZTbWY3MHc2cSs4TXJMeXQzS3lMemFLYjY4MjZlVkxOMUoyUzJ1QW9qbUdYcjExcHdWeDdZT3hKRVB0V1dOSDVBR0syUzJuY3loR1RTZXciLCJtYWMiOiIzOGU0ZDQ1MjI5MzA5ZWRmNmNlYWIyN2JmOWQ5NmExN2ZiNjA1NGFiMWQxNzE0YmZkNGEyNTk0OTE5MmY3YTJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 18:17:28 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=ys03MkID4n4HKkYWF4BJotFDAxWn4kydzF1le5CkSMk-1713377848-1.0.1.1-XoCM84UxPbGlhqVehzAt_5NNh5J0cIBy6vQdurGSbia9306aHJa9R7rM0K1s.ti25VR_F3BRJDHmGjfZ5.H3IQ; path=/; expires=Thu, 17-Apr-25 18:17:28 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRbB%2BVXHxObC5UDm82JAd27C%2Fv0TqMXR9qp4EeQWmxmEHGSaidqEx%2BWkBdEmzwsVi3yrxnkLMq14mYUFIvzmNwX4l6QsYsNDOotbua%2BSbzpEke7EEVGNcWo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e698159e3b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400