| goo.su/L8XL | 104.21.38.221 | | 42 kB |
URL: goo.su/L8XL IP: 104.21.38.221:0
File type: HTML document, Unicode text, UTF-8 text, with very long lines (7391). Hash (MD5 / SHA-1 / SHA-256): fd84fb13efcf7d76c3cf92bd959f884b ff16c61609bd0d590e577a7ba2e4e086d9f1884d 53b2410c317385907f27401f59b96a4d6759a5f7779098337fad9e61c61175ea
Analyzer | Verdict | Alert
OpenPhish | phishing | Apple Inc.
Quad9 DNS | malicious | Sinkholed
GET /L8XL HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 03:55:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; expires=Wed, 17 Apr 2024 22:35:21 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; expires=Wed, 17 Apr 2024 22:35:21 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zz0VLGH5bFUSu05Gnqrpl%2FN%2FueF4Kr8%2FcHYpiD1XtYaLggYj32ze8fqwfnUQS21U3iXMWiY4cRNi0FVFd2CjWvINgLqzu66ma%2B7ihEbAlp%2FCv4J3wnrKUcc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa408405691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| enduresopens.com/ttkXIvunodY/69489 | 23.109.170.73 | | 25 B |
URL: enduresopens.com/ttkXIvunodY/69489 IP: 23.109.170.73:0
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 03:55:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 18-Apr-2024 03:55:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 18-Apr-2024 03:55:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
| goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.38.221 | | 0 B |
URL: goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js IP: 104.21.38.221:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — these are the hashes of an empty body (the response below is a 302 with content-length: 0), so they are not usable as indicators.
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 03:55:22 GMT
content-length: 0
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kear7RstvoH3EGxvTaQmbkEc55I8khaI1jJ13XlS%2FdZtx%2FzFQ7XzMWfG1FQoslbRd9xMxNqRXE77IegcAYn722bLSUG12%2FWCkfgbE8u%2BaIrMSY0gAftfpNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aa78d627127-OSL
alt-svc: h3=":443"; ma=86400
| fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | 216.58.207.227 | | 19 kB |
URL: fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 18668, version 1.0. Hash (MD5 / SHA-1 / SHA-256): 8655d20bbcc8cdbfab17b6be6cf55df3 90edbfa9a7dabb185487b4774076f82eb6412270 e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:34:50 GMT
expires: Fri, 11 Apr 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 523232
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | | 16 kB |
URL: fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0. Hash (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 41264
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st | 109.200.209.144 | | 0 B |
URL: rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st IP: 109.200.209.144:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — hashes of an empty body (the response below has content-length: 0); pivot on the URL/query parameters, not on these hashes.
GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1
Host: rtb.pushdom.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2
| goo.su/img/favicons/apple-touch-icon.png | 104.21.38.221 | | 11 kB |
URL: goo.su/img/favicons/apple-touch-icon.png IP: 104.21.38.221:0
File type: PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): dc1648f034a8879145ce2db071bdc305 28dfdc4f3f97f00e54528685427a83974cb04a81 7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; adtech_uid=628f064a-db53-43b4-aec3-c6145ae9bd43%3Agoo.su; top100_id=t1.6673155.984456002.1713326122442; t3_sid_6673155=s1.520442113.1713326122444.1713326122444.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: image/png
content-length: 10926
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-2aae"
expires: Fri, 19 Apr 2024 14:06:25 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 395337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=en%2Bq8pRMaJcL8lhj%2FZkcaDDXQQ2M%2FSynXk3JnONk2pL4xQX9IkRgOVaNeqAHZeSykm78Sat3Rp4V2MlakGe41xbuTZVhNF%2F0mrt11ltZF%2FDGHro3FF1WYzc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aaa5e847127-OSL
alt-svc: h3=":443"; ma=86400
| goo.su/img/favicons/favicon-16x16.png | 104.21.38.221 | | 1.6 kB |
URL: goo.su/img/favicons/favicon-16x16.png IP: 104.21.38.221:0
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): 2b201347b6d90e0ad2bbad3be209db73 ae5de3e7f779cf33aefd5dc738f2126633bb7824 df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; adtech_uid=628f064a-db53-43b4-aec3-c6145ae9bd43%3Agoo.su; top100_id=t1.6673155.984456002.1713326122442; t3_sid_6673155=s1.520442113.1713326122444.1713326122444.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-61f"
expires: Tue, 23 Apr 2024 17:48:03 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 36439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TTFDxl8ZQJyGNst%2BmngWFursUckZKMhQaSL2JFJ%2B1DgMBRp2wADrQeZ0cFENQ5ZtfpwcK9%2FZttSBx20SRdLt7SFC8X6J2diZfaV2eHk7rPxFXkKkW1iR1Us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aaa5e867127-OSL
alt-svc: h3=":443"; ma=86400
| goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691 | 104.21.38.221 | | 1 B |
URL: goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691 IP: 104.21.38.221:0
File type: very short file (no magic). Hash (MD5 / SHA-1 / SHA-256): eccbc87e4b5ce2fe28308fd9f2a7baf3 77de68daecd823babbb58edb1c8e14d7106e83bb 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce — the body is a single byte, so these hashes are not a meaningful pivot.
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12133
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; path=/; expires=Thu, 17-Apr-25 03:55:22 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BwLU2Buzy%2FYS4UHv67F7edzi88pcMb4fq%2FDIlw0S5vWF4w7dkkcUNH2n57NJ%2FZeyDIKthUsPTlp7sR7yxe%2Bavx2v3qR%2FE8ODZbxe7QDZIwDPQkaXUzmnI2k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa8ddf07127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| 1.azwee.click/en/ | 199.21.149.68 | | 520 B |
URL: 1.azwee.click/en/ IP: 199.21.149.68:0
File type: HTML document, ASCII text. Hash (MD5 / SHA-1 / SHA-256): fb8b9d9bf56c5251a14ad8cf217df902 87852731aa55f66ce221f4d2379712c341f7bf00 3074a00c33a6892ee549ced168872d8ffb9c78fe10f47cea0921aed8ac60d6ee
Analyzer | Verdict | Alert
OpenPhish | phishing | Apple Inc.
GET /en/ HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cfb43625"
Last-Modified: Sat, 14 Oct 2023 02:33:27 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Rate-Limit-Limit: 24h
X-Rate-Limit-Remaining: 1806
X-Rate-Limit-Reset: 2024-04-17T04:02:49.0114664Z
| 1.azwee.click/en/main | 199.21.149.68 | | 520 B |
URL: 1.azwee.click/en/main IP: 199.21.149.68:0 (the asset requests below carry Referer http://1.azwee.click/en/main, i.e. this page was loaded over plaintext HTTP)
File type: HTML document, ASCII text. Hash (MD5 / SHA-1 / SHA-256): fb8b9d9bf56c5251a14ad8cf217df902 87852731aa55f66ce221f4d2379712c341f7bf00 3074a00c33a6892ee549ced168872d8ffb9c78fe10f47cea0921aed8ac60d6ee (identical to the /en/ response above, same ETag)
Analyzer | Verdict | Alert
OpenPhish | phishing | Apple Inc.
GET /en/main HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cfb43625"
Last-Modified: Sat, 14 Oct 2023 02:33:27 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Rate-Limit-Limit: 24h
X-Rate-Limit-Remaining: 1805
X-Rate-Limit-Reset: 2024-04-17T04:02:49.0114664Z
| richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 | 5.200.15.240 | | 50 kB |
URL: richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 IP: 5.200.15.240:0
File type: gzip compressed data, from Unix (the captured object is the compressed transfer body). Hash (MD5 / SHA-1 / SHA-256): edfa69f4026054b6deed79581eb68045 95a9743658180a3fa822ebab89b9acb881ce2d0c fcd23f57bfe3f5cbdf9ef57ea7a9b0c2cce57ca28d6bd2fbdc86ccea1ffc05af
GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
Host: richinfo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 03:55:21 GMT
content-type: application/x-javascript
x-amz-id-2: 8R0pp65URcF/JnE/R568ObICK5ekIPb0UkHBSQ/zH1BnwsfnxGIa3fOkCA78pRRdYt7TTpRn/8Q=
x-amz-request-id: WTREWZHPGW816MS5
last-modified: Wed, 10 Apr 2024 13:16:50 GMT
etag: W/"48e0c66e13f063ffe401a275add23665"
x-amz-server-side-encryption: AES256
content-encoding: gzip
X-Firefox-Spdy: h2
| 1.azwee.click/en/assets/card.css | 199.21.149.68 | 200 OK | 5.0 kB |
URL: GET HTTP/1.1 1.azwee.click/en/assets/card.css IP: 199.21.149.68:80 (plaintext HTTP)
Requested by: http://1.azwee.click/en/main
File type: Unicode text, UTF-8 text, with very long lines (27071). Hash (MD5 / SHA-1 / SHA-256): 8c10638062fc10e7800b5f041d66cbe1 94a8f282dc29814af277016d8741fc857b49304d 96712b90b0eb91764af520996a42c0bff93e823e5e825e2544d1ef4723d625d3
GET /en/assets/card.css HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d7d7f36c04bfc4"
Last-Modified: Fri, 12 Nov 2021 18:30:52 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/assets/card.js | 199.21.149.68 | 200 OK | 16 kB |
URL: GET HTTP/1.1 1.azwee.click/en/assets/card.js IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (51786). Hash (MD5 / SHA-1 / SHA-256): 7aa76d18dd3e3598ac9561adf01f3882 26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0 6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213
GET /en/assets/card.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d7d7f3614aa44b"
Last-Modified: Fri, 12 Nov 2021 18:30:34 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js | 199.21.149.68 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: JavaScript source, ASCII text, with very long lines (2278), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 4ac3e6290ad24ac46b8a1970a7efb266 6f792827e5974b69c7c9a87e81f33b5ef670bff3 94f516b9d49d3b5ecf42fba742d930a0224275eedb9d19b4c33644dc8c2a3c26
GET /en/runtime.9b214d14fa4ea25c94c0.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cdea7ae6"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/styles.2b2408b28c6b13bb450e.css | 199.21.149.68 | 200 OK | 28 kB |
URL: GET HTTP/1.1 1.azwee.click/en/styles.2b2408b28c6b13bb450e.css IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: ASCII text, with very long lines (65536), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): c739cee2deb86082090e380beec5b7a0 f54b118cf0b048e09c70ad1ecf661a21b1a47406 0697729b655b3fadc015ce16eecd8cbd3b48a9e34e3c2a3e8b6ad0f8053887d2
GET /en/styles.2b2408b28c6b13bb450e.css HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cde87d4f"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js | 199.21.149.68 | 200 OK | 17 kB |
URL: GET HTTP/1.1 1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: JavaScript source, ASCII text, with very long lines (45945), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 4794c42590c7158a1a334801f7068376 63e0e06b459566123ab988af6258369ba5b181dd 073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d
GET /en/polyfills.649ac95cc0f663eb2ea5.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cdeac179"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/main.cb307f485390a6a94066.js | 199.21.149.68 | 200 OK | 243 kB |
URL: GET HTTP/1.1 1.azwee.click/en/main.cb307f485390a6a94066.js IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: JavaScript source, ASCII text, with very long lines (63865). Size: 243 kB (242917 bytes). Hash (MD5 / SHA-1 / SHA-256): bc44d3824775061c25f8df88d786c3e2 111302049dc6c747ff1c06e4f71b4633c0dec9da 8e89674e3a2a98869f629ec69abaf2dc5f499b53a3ee1016c6e3fbd36ad6a4be
GET /en/main.cb307f485390a6a94066.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cf17512f"
Last-Modified: Sat, 14 Oct 2023 02:33:26 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
| 1.azwee.click/en/assets/menu.png | 199.21.149.68 | 200 OK | 687 B |
URL: GET HTTP/1.1 1.azwee.click/en/assets/menu.png IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: PNG image data, 49 x 48, 8-bit/color RGBA, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): da0b0fdd44746082b7f978a5f70f0e78 69a6755ecad7defee0b3de296d1352dae7cae626 00543da96852706a4d679197d06a00385869a5ce868c2687e7ab23a5f83fe4e4
GET /en/assets/menu.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 687
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9ab7df8593f2f"
Last-Modified: Fri, 30 Jun 2023 18:09:11 GMT
| 1.azwee.click/en/assets/logo.png | 199.21.149.68 | 200 OK | 34 kB |
URL: GET HTTP/1.1 1.azwee.click/en/assets/logo.png IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: PNG image data, 720 x 721, 8-bit colormap, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): 4852c60ddb8653928e43fa9d24b911b3 e037ce421215511dbce720d6f6503e8fa9b8ea9d 07126b04b6559c56df43d120f4c5487f1ca9e335428b3d82c2d2d24459990561
GET /en/assets/logo.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 34355
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9ab83779dc633"
Last-Modified: Fri, 30 Jun 2023 18:48:32 GMT
| 1.azwee.click/en/assets/jt.png | 199.21.149.68 | 200 OK | 4.1 kB |
URL: GET HTTP/1.1 1.azwee.click/en/assets/jt.png IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): a64f3508282fa585f502c7283cfc853a c266d5102a4fd1d5d9980799a51a345390b5d533 ff3323d9098ef10b0d36ef5c9219481d03afb2d307a5144a6ff3f509b31110f4
GET /en/assets/jt.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 4129
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d5318f817f9521"
Last-Modified: Wed, 03 Jul 2019 11:07:30 GMT
| 1.azwee.click/en/apple.f843c50675ae358ea181.svg | 199.21.149.68 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 1.azwee.click/en/apple.f843c50675ae358ea181.svg IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: SVG Scalable Vector Graphics image. Hash (MD5 / SHA-1 / SHA-256): 26cbb4bfb27dd56b0ed09a961f28145b b8e84ed32f81f41251c815e0132fed0fba3489f1 c21d714e92269a3dcf05c24db9aec96171671d0dcd59b867c2acb953d3cb551a
GET /en/apple.f843c50675ae358ea181.svg HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1484
Content-Type: image/svg+xml
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9fe46cdea77cc"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
| 1.azwee.click/en/image_small.1771014580291c90faaa.svg | 199.21.149.68 | 200 OK | 898 B |
URL: GET HTTP/1.1 1.azwee.click/en/image_small.1771014580291c90faaa.svg IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: SVG Scalable Vector Graphics image Hashes (MD5 / SHA-1 / SHA-256): 4dc220ff2f9395c2cd7c34de8776a6e7 9dfcb00873e24be99f2965c6447e393b71cd6fc1 c18d99c87523f8ef73e5dc2e86aa5917da37e5564a7f591cb43bc32049f76d88
GET /en/image_small.1771014580291c90faaa.svg HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 898
Content-Type: image/svg+xml
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9fe46cdea7182"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
|
|
| 1.azwee.click/en/favicon.ico | 199.21.149.68 | 200 OK | 22 kB |
URL: GET HTTP/1.1 1.azwee.click/en/favicon.ico IP: 199.21.149.68:80
Requested by: http://1.azwee.click/en/main
File type: MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel Hashes (MD5 / SHA-1 / SHA-256): 891e510219786f543ca998282ed99f45 19fe2ff6a2418bcb44b02308b998cef84199ee08 e4bdf72e2f803f7e19907c12f407ac7f7cd5f1f94bfd730b9be24b0d49191b48
GET /en/favicon.ico HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 22382
Content-Type: image/x-icon
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d71ee1f8b7af6e"
Last-Modified: Mon, 22 Mar 2021 06:09:52 GMT
|
|
| goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js | 104.21.38.221 | | 7.8 kB |
URL: goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js IP: 104.21.38.221:0
File type: JavaScript source, ASCII text, with very long lines (7954), with no line terminators Hashes (MD5 / SHA-1 / SHA-256): 58c69bbaa54f4453a4a1f955cb032ef2 920b67d685a9bbe963061dcba7dc85ce5d4bd0ab b3920e2680f29aade432d4676de85fbc8ad3d730d686e30543ab9d654f3d622d
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GchaGJHTk7ZXB%2FlHiov9ptcwEP2UyxT2t0L8aZByWmm44DNEwLgUiepsId0RNjDrg2lf1w2ZH6%2BIKyjo1WY9ySHoavBSY4xOPicaMk9ViVQvCAQt4mshexY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa79d697127-OSL
alt-svc: h3=":443"; ma=86400
|
|