Report - goo.su/L8XL

Report Overview

Submitted URL
goo.su/L8XL
IP
104.21.38.221
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 03:55:47
Access
public
Website Title
Manage your Apple ID - Apple
Final URL
1.azwee.click/en/main
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
goo.su	377451	2019-06-14	2017-05-12	2024-04-14	7.0 kB	67 kB	104.21.38.221
enduresopens.com	unknown	2023-08-31	2023-08-31	2024-03-26	399 B	1.5 kB	23.109.170.73
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	1.1 kB	36 kB	216.58.207.227
rtb.pushdom.co	244282	2018-12-28	2019-01-08	2024-04-17	509 B	158 B	109.200.209.144
1.azwee.click	unknown	2024-01-09	2024-04-14	2024-04-16	4.9 kB	379 kB	199.21.149.68
richinfo.co	285236	2019-06-20	2019-06-26	2024-04-14	445 B	50 kB	5.200.15.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	goo.su/L8XL	Apple Inc.
2024-04-15	medium	1.azwee.click/en/	Apple Inc.
2024-04-15	medium	1.azwee.click/en/main	Apple Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	enduresopens.com	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed
2024-04-17	medium	goo.su	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js	2.3 kB	2024-03-27	2024-04-29
Pretty URL 1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js IP 199.21.149.68 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 17:58:11 Last Seen2024-04-29 07:13:35 Times Seen306 Hash 4ac3e6290ad24ac46b8a1970a7efb266 6f792827e5974b69c7c9a87e81f33b5ef670bff3 94f516b9d49d3b5ecf42fba742d930a0224275eedb9d19b4c33644dc8c2a3c26 Loading...

	1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js	46 kB	2024-03-27	2024-04-29
Pretty URL 1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js IP 199.21.149.68 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 17:58:12 Last Seen2024-04-29 08:04:23 Times Seen426 Hash 4794c42590c7158a1a334801f7068376 63e0e06b459566123ab988af6258369ba5b181dd 073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d Loading...

	1.azwee.click/en/main.cb307f485390a6a94066.js	839 kB	2024-03-27	2024-04-29
Pretty URL 1.azwee.click/en/main.cb307f485390a6a94066.js IP 199.21.149.68 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 17:58:12 Last Seen2024-04-29 07:13:35 Times Seen306 Hash bc44d3824775061c25f8df88d786c3e2 111302049dc6c747ff1c06e4f71b4633c0dec9da 8e89674e3a2a98869f629ec69abaf2dc5f499b53a3ee1016c6e3fbd36ad6a4be Loading...

	1.azwee.click/en/assets/card.js	59 kB	2024-03-27	2024-04-29
Pretty URL 1.azwee.click/en/assets/card.js IP 199.21.149.68 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 17:58:11 Last Seen2024-04-29 08:04:23 Times Seen426 Hash 7aa76d18dd3e3598ac9561adf01f3882 26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0 6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213 Loading...

		Size	First Seen	Last Seen
	#1 Write - 186f4618d45d74b6f18bf83bb0a4edff	232 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 05:55:48 Last Seen2024-04-17 05:55:48 Times Seen1 Hash 186f4618d45d74b6f18bf83bb0a4edff bcde1aaeab7376f794e2c9ec17039742e2aacff5 de7b2e334c2edf049952a76121dd030d4a172237fa81aed88eacf8c19e557bfc Loading...

HTTP Transactions (25)

URL IP Response Size

goo.su/L8XL

104.21.38.221

42 kB

URL
goo.su/L8XL
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (7391)
Size
42 kB (41941 bytes)
Hash
fd84fb13efcf7d76c3cf92bd959f884b
ff16c61609bd0d590e577a7ba2e4e086d9f1884d
53b2410c317385907f27401f59b96a4d6759a5f7779098337fad9e61c61175ea

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /L8XL HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 03:55:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; expires=Wed, 17 Apr 2024 22:35:21 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; expires=Wed, 17 Apr 2024 22:35:21 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zz0VLGH5bFUSu05Gnqrpl%2FN%2FueF4Kr8%2FcHYpiD1XtYaLggYj32ze8fqwfnUQS21U3iXMWiY4cRNi0FVFd2CjWvINgLqzu66ma%2B7ihEbAlp%2FCv4J3wnrKUcc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa408405691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

enduresopens.com/ttkXIvunodY/69489

23.109.170.73

25 B

URL
enduresopens.com/ttkXIvunodY/69489
IP
23.109.170.73:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ttkXIvunodY/69489 HTTP/1.1
Host: enduresopens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 03:55:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://goo.su
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 18-Apr-2024 03:55:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 18-Apr-2024 03:55:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.38.221

0 B

URL
goo.su/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 17 Apr 2024 03:55:22 GMT
content-length: 0
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kear7RstvoH3EGxvTaQmbkEc55I8khaI1jJ13XlS%2FdZtx%2FzFQ7XzMWfG1FQoslbRd9xMxNqRXE77IegcAYn722bLSUG12%2FWCkfgbE8u%2BaIrMSY0gAftfpNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aa78d627127-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

19 kB

URL
fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
Size
19 kB (18668 bytes)
Hash
8655d20bbcc8cdbfab17b6be6cf55df3
90edbfa9a7dabb185487b4774076f82eb6412270
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

HTTP Headers

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:34:50 GMT
expires: Fri, 11 Apr 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 523232
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 41264
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st

109.200.209.144

0 B

URL
rtb.pushdom.co/pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st
IP
109.200.209.144:0
ASN
#49544 i3D.net B.V

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1
Host: rtb.pushdom.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2

goo.su/img/favicons/apple-touch-icon.png

104.21.38.221

11 kB

URL
goo.su/img/favicons/apple-touch-icon.png
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
11 kB (10926 bytes)
Hash
dc1648f034a8879145ce2db071bdc305
28dfdc4f3f97f00e54528685427a83974cb04a81
7c51dc3139a5a8a07e00884f6558ed62511359803bcb4123668b8e0ccab896c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; adtech_uid=628f064a-db53-43b4-aec3-c6145ae9bd43%3Agoo.su; top100_id=t1.6673155.984456002.1713326122442; t3_sid_6673155=s1.520442113.1713326122444.1713326122444.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: image/png
content-length: 10926
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-2aae"
expires: Fri, 19 Apr 2024 14:06:25 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 395337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=en%2Bq8pRMaJcL8lhj%2FZkcaDDXQQ2M%2FSynXk3JnONk2pL4xQX9IkRgOVaNeqAHZeSykm78Sat3Rp4V2MlakGe41xbuTZVhNF%2F0mrt11ltZF%2FDGHro3FF1WYzc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aaa5e847127-OSL
alt-svc: h3=":443"; ma=86400

goo.su/img/favicons/favicon-16x16.png

104.21.38.221

1.6 kB

URL
goo.su/img/favicons/favicon-16x16.png
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1567 bytes)
Hash
2b201347b6d90e0ad2bbad3be209db73
ae5de3e7f779cf33aefd5dc738f2126633bb7824
df0a5932ec719656fd8f147bcc0c14312e53e52c2df13f5f815d72833de9c852

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D; cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; adtech_uid=628f064a-db53-43b4-aec3-c6145ae9bd43%3Agoo.su; top100_id=t1.6673155.984456002.1713326122442; t3_sid_6673155=s1.520442113.1713326122444.1713326122444.1.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: image/png
content-length: 1567
last-modified: Sun, 24 Dec 2023 16:31:41 GMT
etag: "65885ced-61f"
expires: Tue, 23 Apr 2024 17:48:03 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 36439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TTFDxl8ZQJyGNst%2BmngWFursUckZKMhQaSL2JFJ%2B1DgMBRp2wADrQeZ0cFENQ5ZtfpwcK9%2FZttSBx20SRdLt7SFC8X6J2diZfaV2eHk7rPxFXkKkW1iR1Us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87597aaa5e867127-OSL
alt-svc: h3=":443"; ma=86400

goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691

104.21.38.221

1 B

URL
goo.su/cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/87597aa408405691 HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12133
Origin: https://goo.su
DNT: 1
Connection: keep-alive
Referer: https://goo.su/L8XL
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=DZcCDC4jr_GXgnu.GjLD87ElXmsWXS2BDNOJb4dyyPw-1713326122-1.0.1.1-yLZU.Jzbr.Q2bub9ugUDfnJlcxN1qreJP_yl3ZlQ_7pAdtOX6kNwcau.Lw8dU8dmBFkYorcvXEMgp0ce4Ud6jw; path=/; expires=Thu, 17-Apr-25 03:55:22 GMT; domain=.goo.su; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BwLU2Buzy%2FYS4UHv67F7edzi88pcMb4fq%2FDIlw0S5vWF4w7dkkcUNH2n57NJ%2FZeyDIKthUsPTlp7sR7yxe%2Bavx2v3qR%2FE8ODZbxe7QDZIwDPQkaXUzmnI2k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa8ddf07127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.azwee.click/en/

199.21.149.68

520 B

URL
1.azwee.click/en/
IP
199.21.149.68:0
ASN
#7040 NETMINDERS

File type
HTML document, ASCII text
Size
520 B (520 bytes)
Hash
fb8b9d9bf56c5251a14ad8cf217df902
87852731aa55f66ce221f4d2379712c341f7bf00
3074a00c33a6892ee549ced168872d8ffb9c78fe10f47cea0921aed8ac60d6ee

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.

HTTP Headers

GET /en/ HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cfb43625"
Last-Modified: Sat, 14 Oct 2023 02:33:27 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Rate-Limit-Limit: 24h
X-Rate-Limit-Remaining: 1806
X-Rate-Limit-Reset: 2024-04-17T04:02:49.0114664Z

1.azwee.click/en/main

199.21.149.68

520 B

URL User Request GET
1.azwee.click/en/main
IP
199.21.149.68:0
ASN
#7040 NETMINDERS

File type
HTML document, ASCII text
Size
520 B (520 bytes)
Hash
fb8b9d9bf56c5251a14ad8cf217df902
87852731aa55f66ce221f4d2379712c341f7bf00
3074a00c33a6892ee549ced168872d8ffb9c78fe10f47cea0921aed8ac60d6ee

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.

HTTP Headers

GET /en/main HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cfb43625"
Last-Modified: Sat, 14 Oct 2023 02:33:27 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Rate-Limit-Limit: 24h
X-Rate-Limit-Remaining: 1805
X-Rate-Limit-Reset: 2024-04-17T04:02:49.0114664Z

richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33

5.200.15.240

50 kB

URL
richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33
IP
5.200.15.240:0
ASN
#49544 i3D.net B.V

File type
gzip compressed data, from Unix
Size
50 kB (49579 bytes)
Hash
edfa69f4026054b6deed79581eb68045
95a9743658180a3fa822ebab89b9acb881ce2d0c
fcd23f57bfe3f5cbdf9ef57ea7a9b0c2cce57ca28d6bd2fbdc86ccea1ffc05af

HTTP Headers

GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
Host: richinfo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goo.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 17 Apr 2024 03:55:21 GMT
content-type: application/x-javascript
x-amz-id-2: 8R0pp65URcF/JnE/R568ObICK5ekIPb0UkHBSQ/zH1BnwsfnxGIa3fOkCA78pRRdYt7TTpRn/8Q=
x-amz-request-id: WTREWZHPGW816MS5
last-modified: Wed, 10 Apr 2024 13:16:50 GMT
etag: W/"48e0c66e13f063ffe401a275add23665"
x-amz-server-side-encryption: AES256
content-encoding: gzip
X-Firefox-Spdy: h2

1.azwee.click/en/assets/card.css

199.21.149.68

200 OK

5.0 kB

URL GET HTTP/1.1
1.azwee.click/en/assets/card.css
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
Unicode text, UTF-8 text, with very long lines (27071)
Size
5.0 kB (4977 bytes)
Hash
8c10638062fc10e7800b5f041d66cbe1
94a8f282dc29814af277016d8741fc857b49304d
96712b90b0eb91764af520996a42c0bff93e823e5e825e2544d1ef4723d625d3

HTTP Headers

GET /en/assets/card.css HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d7d7f36c04bfc4"
Last-Modified: Fri, 12 Nov 2021 18:30:52 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/assets/card.js

199.21.149.68

200 OK

16 kB

URL GET HTTP/1.1
1.azwee.click/en/assets/card.js
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51786)
Size
16 kB (16275 bytes)
Hash
7aa76d18dd3e3598ac9561adf01f3882
26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0
6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213

HTTP Headers

GET /en/assets/card.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d7d7f3614aa44b"
Last-Modified: Fri, 12 Nov 2021 18:30:34 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js

199.21.149.68

200 OK

1.2 kB

URL GET HTTP/1.1
1.azwee.click/en/runtime.9b214d14fa4ea25c94c0.js
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
JavaScript source, ASCII text, with very long lines (2278), with no line terminators
Size
1.2 kB (1160 bytes)
Hash
4ac3e6290ad24ac46b8a1970a7efb266
6f792827e5974b69c7c9a87e81f33b5ef670bff3
94f516b9d49d3b5ecf42fba742d930a0224275eedb9d19b4c33644dc8c2a3c26

HTTP Headers

GET /en/runtime.9b214d14fa4ea25c94c0.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cdea7ae6"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/styles.2b2408b28c6b13bb450e.css

199.21.149.68

200 OK

28 kB

URL GET HTTP/1.1
1.azwee.click/en/styles.2b2408b28c6b13bb450e.css
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (27832 bytes)
Hash
c739cee2deb86082090e380beec5b7a0
f54b118cf0b048e09c70ad1ecf661a21b1a47406
0697729b655b3fadc015ce16eecd8cbd3b48a9e34e3c2a3e8b6ad0f8053887d2

HTTP Headers

GET /en/styles.2b2408b28c6b13bb450e.css HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cde87d4f"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js

199.21.149.68

200 OK

17 kB

URL GET HTTP/1.1
1.azwee.click/en/polyfills.649ac95cc0f663eb2ea5.js
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
JavaScript source, ASCII text, with very long lines (45945), with no line terminators
Size
17 kB (16801 bytes)
Hash
4794c42590c7158a1a334801f7068376
63e0e06b459566123ab988af6258369ba5b181dd
073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d

HTTP Headers

GET /en/polyfills.649ac95cc0f663eb2ea5.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cdeac179"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/main.cb307f485390a6a94066.js

199.21.149.68

200 OK

243 kB

URL GET HTTP/1.1
1.azwee.click/en/main.cb307f485390a6a94066.js
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
JavaScript source, ASCII text, with very long lines (63865)
Size
243 kB (242917 bytes)
Hash
bc44d3824775061c25f8df88d786c3e2
111302049dc6c747ff1c06e4f71b4633c0dec9da
8e89674e3a2a98869f629ec69abaf2dc5f499b53a3ee1016c6e3fbd36ad6a4be

HTTP Headers

GET /en/main.cb307f485390a6a94066.js HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 17 Apr 2024 03:55:30 GMT
Server: Kestrel
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "1d9fe46cf17512f"
Last-Modified: Sat, 14 Oct 2023 02:33:26 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

1.azwee.click/en/assets/menu.png

199.21.149.68

200 OK

687 B

URL GET HTTP/1.1
1.azwee.click/en/assets/menu.png
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
PNG image data, 49 x 48, 8-bit/color RGBA, non-interlaced
Size
687 B (687 bytes)
Hash
da0b0fdd44746082b7f978a5f70f0e78
69a6755ecad7defee0b3de296d1352dae7cae626
00543da96852706a4d679197d06a00385869a5ce868c2687e7ab23a5f83fe4e4

HTTP Headers

GET /en/assets/menu.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 687
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9ab7df8593f2f"
Last-Modified: Fri, 30 Jun 2023 18:09:11 GMT

1.azwee.click/en/assets/logo.png

199.21.149.68

200 OK

34 kB

URL GET HTTP/1.1
1.azwee.click/en/assets/logo.png
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
PNG image data, 720 x 721, 8-bit colormap, non-interlaced
Size
34 kB (34355 bytes)
Hash
4852c60ddb8653928e43fa9d24b911b3
e037ce421215511dbce720d6f6503e8fa9b8ea9d
07126b04b6559c56df43d120f4c5487f1ca9e335428b3d82c2d2d24459990561

HTTP Headers

GET /en/assets/logo.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 34355
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9ab83779dc633"
Last-Modified: Fri, 30 Jun 2023 18:48:32 GMT

1.azwee.click/en/assets/jt.png

199.21.149.68

200 OK

4.1 kB

URL GET HTTP/1.1
1.azwee.click/en/assets/jt.png
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4129 bytes)
Hash
a64f3508282fa585f502c7283cfc853a
c266d5102a4fd1d5d9980799a51a345390b5d533
ff3323d9098ef10b0d36ef5c9219481d03afb2d307a5144a6ff3f509b31110f4

HTTP Headers

GET /en/assets/jt.png HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 4129
Content-Type: image/png
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d5318f817f9521"
Last-Modified: Wed, 03 Jul 2019 11:07:30 GMT

1.azwee.click/en/apple.f843c50675ae358ea181.svg

199.21.149.68

200 OK

1.5 kB

URL GET HTTP/1.1
1.azwee.click/en/apple.f843c50675ae358ea181.svg
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1484 bytes)
Hash
26cbb4bfb27dd56b0ed09a961f28145b
b8e84ed32f81f41251c815e0132fed0fba3489f1
c21d714e92269a3dcf05c24db9aec96171671d0dcd59b867c2acb953d3cb551a

HTTP Headers

GET /en/apple.f843c50675ae358ea181.svg HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1484
Content-Type: image/svg+xml
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9fe46cdea77cc"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT

1.azwee.click/en/image_small.1771014580291c90faaa.svg

199.21.149.68

200 OK

898 B

URL GET HTTP/1.1
1.azwee.click/en/image_small.1771014580291c90faaa.svg
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
SVG Scalable Vector Graphics image
Size
898 B (898 bytes)
Hash
4dc220ff2f9395c2cd7c34de8776a6e7
9dfcb00873e24be99f2965c6447e393b71cd6fc1
c18d99c87523f8ef73e5dc2e86aa5917da37e5564a7f591cb43bc32049f76d88

HTTP Headers

GET /en/image_small.1771014580291c90faaa.svg HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 898
Content-Type: image/svg+xml
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d9fe46cdea7182"
Last-Modified: Sat, 14 Oct 2023 02:33:24 GMT

1.azwee.click/en/favicon.ico

199.21.149.68

200 OK

22 kB

URL GET HTTP/1.1
1.azwee.click/en/favicon.ico
IP
199.21.149.68:80
ASN
#7040 NETMINDERS

Requested by
http://1.azwee.click/en/main

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
22 kB (22382 bytes)
Hash
891e510219786f543ca998282ed99f45
19fe2ff6a2418bcb44b02308b998cef84199ee08
e4bdf72e2f803f7e19907c12f407ac7f7cd5f1f94bfd730b9be24b0d49191b48

HTTP Headers

GET /en/favicon.ico HTTP/1.1
Host: 1.azwee.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.azwee.click/en/main
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 22382
Content-Type: image/x-icon
Date: Wed, 17 Apr 2024 03:55:31 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1d71ee1f8b7af6e"
Last-Modified: Mon, 22 Mar 2021 06:09:52 GMT

goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js

104.21.38.221

7.8 kB

URL
goo.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (7954), with no line terminators
Size
7.8 kB (7750 bytes)
Hash
58c69bbaa54f4453a4a1f955cb032ef2
920b67d685a9bbe963061dcba7dc85ce5d4bd0ab
b3920e2680f29aade432d4676de85fbc8ad3d730d686e30543ab9d654f3d622d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkN6dWZaZVZ1NG9VaTF1M0JpbUc0N3c9PSIsInZhbHVlIjoiQ3VMczFxMjB0S09LdU1Md1BycE9LRXhCZDltRFluNXQ2d2p1TEpRMmRiUkZ3NUFaUm15YUowNXRTWVhEOFNRVU9HMkNhbTg5UmJuL3gyMXppSEZGUEdLeUwvVEEzcEo0UnoreVNaWVdjeFRsMU1VcVBPMnZDcFhRVlVWejFOdnoiLCJtYWMiOiI3Y2ExNGZiYTVmODcxMzg4OTIwZGQ4N2I1NjBmNmYyZjhmNzZmODk2MDM4OWZlYzM4OTIyYzczNzlmZDZkM2VhIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6Ik50YksyODJ5Q2tQYU9MT3RENkl0d3c9PSIsInZhbHVlIjoiVEJ6REpyMHRwYXlSWmNUUCtwdnhhcXF3L1ZIQXE5blQzVjY4cE10ajl3MWQyT2FaUHJBbkEwUkx0QlBYbXNLU2p3QmJTd0lqQWVlNXROb0h6aUhJY2ZFR29HUitoTkM1SUppbWxoZkxNNSsrTGY3RVBOWHR1bG56OTA2UWwzVHciLCJtYWMiOiI5ZTg2M2Q2M2Q3N2IzNzM3ODcwNWJkOGMzYTc1MzBhNDYwYTdiNTY4ODE1ZWMxNDJiNjk5MzMyOWU1ZTFjNWI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 03:55:22 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GchaGJHTk7ZXB%2FlHiov9ptcwEP2UyxT2t0L8aZByWmm44DNEwLgUiepsId0RNjDrg2lf1w2ZH6%2BIKyjo1WY9ySHoavBSY4xOPicaMk9ViVQvCAQt4mshexY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87597aa79d697127-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (25)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections