Source: https://goo.su/V4Yfz | Avira URL Cloud: detection malicious, Label: phishing |
Source: https://enduresopens.com/tsf/69489?md=eyJ6IjozMTA1LCJhIjo2OTMxLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4OTA3IiwiciI6IiIsInEiOiJodHRwczovL2dvby5zdS9WNFlmeiIsImgiOjQ2MzUsImwiOiJlbi1VUyIsInQiOjMwMCwiayI6MCwidSI6IiIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4OTg0IiwiZSI6ImoyOTF2azd5dWYzZ3BpNSIsIm8iOnRydWUsIm0iOjE3MzgzNjYyMjczMjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMlJlZGlyZWN0aW5nJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmdvb3N1JTNBMSUyMiUyQyUyMnJlZGlyZWN0aW5nJTNBMSUyMiUyQyUyMnBsZWFzZSUzQTElMjIlMkMlMjJ3YWl0JTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiZG0iOjgsImhjIjo0LCJibCI6MSwiYmMiOjIsInZ2IjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ2ciI6IkFOR0xFIChHb29nbGUsIFZ1bGthbiAxLjMuMCAoU3dpZnRTaGFkZXIgRGV2aWNlIChTdWJ6ZXJvKSAoMHgwMDAwQzBERSkpLCBTd2lmdFNoYWRlciBkcml2ZXIpIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6IjNnIiwiY2RsbSI6LTEsImNkbCI6MS4zLCJjcnR0IjoyNTAsInRtcyI6MSwiY2UiOnRydWUsImNkIjoyNCwib3IiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImZzIjpudWxsLCJmc28iOm51bGx9 | Avira URL Cloud: Label: malware |
Source: https://enduresopens.com/ttkXIvunodY/69489 | Avira URL Cloud: Label: malware |
Source: https://enduresopens.com/tsf/69489?md=eyJ6IjozMTA1LCJhIjo2OTMxLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4OTA3IiwiciI6IiIsInEiOiJodHRwczovL2dvby5zdS9WNFlmeiIsImgiOjY0MjEsImwiOiJlbi1VUyIsInQiOjMwMCwiayI6NCwidSI6IjY3MGNmMTliNjUyM2NhYjU3MTBkZWMiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDk4NCIsImUiOiJhY3p5YnhpOTVzdDZ2ZHIiLCJvIjp0cnVlLCJtIjoxNzM4MzY2MjU3NTk1LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjJSZWRpcmVjdGluZyUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJnb29zdSUzQTElMjIlMkMlMjJyZWRpcmVjdGluZyUzQTElMjIlMkMlMjJwbGVhc2UlM0ExJTIyJTJDJTIyd2FpdCUzQTElMjIlMkMlMjIxMTAlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJkbSI6OCwiaGMiOjQsImJsIjoxLCJiYyI6MiwidnYiOiJHb29nbGUgSW5jLiAoR29vZ2xlKSIsInZyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoiM2ciLCJjZGxtIjotMSwiY2RsIjoxLjMsImNydHQiOjI1MCwidG1zIjoxLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbH0 | Avira URL Cloud: Label: malware |
Source: https://steamcommunuty.com/id/734317454564556788 | Avira URL Cloud: Label: phishing |
Source: 0.25.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: http://23.109.170.170/tsc/jwGRfxPyIClEyfY1GXe5ozZW... This script demonstrates several high-risk behaviors, including attempting to manipulate the window opener, modifying the browser history, and redirecting the user to a suspicious URL with obfuscated parameters. These actions are indicative of potential phishing or malicious activity, posing a significant risk to the user's security and privacy. |
Source: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 | HTTP Parser: (function(_0x31c704,_0x2e099c){function _0x41606a(_0x5587de,_0x3a321d,_0x1768ac,_0x19eb3c){return _0 |
Source: https://goo.su/V4Yfz | HTTP Parser: Base64 decoded: <svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M50 0C46.55 0 43.75 2.8 43.75 6.25V18.75C43.75 22.2 46.55 25 50 25C53.45 25 56.25 22.2 56.25 18.75V6.25C56.25 2.8 53.45 0 50 0ZM50 75C46.55 75 43.... |
Source: https://goo.su/V4Yfz | HTTP Parser: No favicon |
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49758 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49922 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50067 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50161 version: TLS 1.2 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: mysteriumvpn.pxf.io to https://www.ojrq.net/p/?return=https%3a%2f%2fmysteriumvpn.pxf.io%2fc%2f1444835%2f1957248%2f23845%3fsubid1%3d5b7e4ac0-e02b-11ef-9ae7-f93c349d97fa%26subid2%3d209701%26level%3d1%26srcref%3dhttps%253a%252f%252fwww.internewsweb.com%252f&cid=23845&tpsync=yes&auth=586afa4003047e79 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: www.ojrq.net to https://mysteriumvpn.pxf.io/c/1444835/1957248/23845?subid1=5b7e4ac0-e02b-11ef-9ae7-f93c349d97fa&subid2=209701&level=1&srcref=https%3a%2f%2fwww.internewsweb.com%2f&brwsr=6d684423-e02b-11ef-9173-5f0ab6ce68ea&brwsrsig=zzirn8vezuaguonyef0cew7r3hdwt5 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET /V4Yfz HTTP/1.1Host: goo.suConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1Host: goo.suConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://goo.su/V4YfzAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=H3fh5tGdw61Tf7I6OliUgvNu07XNKWsh2HyirBWr; goosu_session=CukYSMk2rgOz0cY3OQPNfMH2luIuNngGcSignt9K |
Source: global traffic | HTTP traffic detected: GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1Host: richinfo.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goo.susec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1Host: goo.suConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=H3fh5tGdw61Tf7I6OliUgvNu07XNKWsh2HyirBWr; goosu_session=CukYSMk2rgOz0cY3OQPNfMH2luIuNngGcSignt9K |
Source: global traffic | HTTP traffic detected: GET /ttkXIvunodY/69489 HTTP/1.1Host: enduresopens.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /system/context.js HTTP/1.1Host: an.yandex.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1Host: richinfo.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /top100/top100.js HTTP/1.1Host: st.top100.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /hit?t44.11;r;s1280*1024*24;uhttps%3A//goo.su/V4Yfz;hRedirecting;0.6139654133916626 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /js/code.js HTTP/1.1Host: top-fwz1.mail.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /ttkXIvunodY/69489 HTTP/1.1Host: enduresopens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GL_UI4=eJw9jd1Og0AUhPmn1YJOwgP4CEBtiZfGh%2BglOeweKBZ2m2WF%2BPZuTPRqvky%2ByXieFxRP8Ndkj%2FCLTnip67oqBTXHrq%2Bor1nUTIKbV3o7Mx9PZ%2BzHpbXUTWwj7JaZjG3tGuEwsGIzilZoyRmenfXX3JTeVIS4M6Rkhnh2xpQh7YzeFjZFiEjRzEg%2Brka7jGf61AZhVTWOR%2BXYLxHopQjzB6SXUUk3zA8IqjLPEw%2BP94lsr83cjjLxEQ%2BGJMN%2Fx06Q5UGbb6SSl5vVd0BPsv33f3%2FDrSqRSF5H4c61vbL5AbYXTuA%3D; GL_GI10=eJwNy8EKgkAUBdB5D7IkCy75AX7BgBVha7fhRly4DB1kEN4MM1PR39fZH6UUlwXYehSNvt50fb7ourmDFvDQgyfBYRCbzFz16ZlMBAVwN4KDYNeZTzW6sIKmYw6y2LdG0it8H1ZWsETkrQvehf8E%2BUyBk9tuwHEuFeidnX4jVR19 |
Source: global traffic | HTTP traffic detected: GET /hit?q;t44.11;r;s1280*1024*24;uhttps%3A//goo.su/V4Yfz;hRedirecting;0.6139654133916626 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1ddLqK0qPA8y1ddLqK002VJW |
Source: global traffic | HTTP traffic detected: GET /top100/top100.js HTTP/1.1Host: st.top100.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /js/code.js HTTP/1.1Host: top-fwz1.mail.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=08Bdkz1yqaYU:1738366228:0::: |
Source: global traffic | HTTP traffic detected: GET /pb/st?sctp=content-locker&m=ht&pid=883146&sid=330256&dm=goo.su&c1=https&c2=1&c3=https://rtb.pushdom.co/pb/st HTTP/1.1Host: rtb.pushdom.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /system/context.js HTTP/1.1Host: an.yandex.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=ZjDP6WxtRF/YBzRftLVaM15vA2mS5auxxDU7hFk5Uwpp0voLKXTth9mJufB3FmHePkvjNQRst4cGvYMaBl6y/fomjYo=; yandexuid=3224485451738366228; yashr=3143232101738366228; bh=EkAiR29vZ2xlIENocm9tZSI7dj0iMTE3IiwgIk5vdDtBPUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMTciKgI/MDoJIldpbmRvd3MiYJS69bwGah7cyuH/CJLYobEDn8/h6gP7+vDnDev//fYPutfOhwg= |
Source: global traffic | HTTP traffic detected: GET /s3/home/fonts/ys/3/text-variable-full.woff2 HTTP/1.1Host: yastatic.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://goo.susec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://goo.su/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /tsf/69489?md=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 HTTP/1.1Host: enduresopens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GL_UI4=eJw9jd1Og0AUhPmn1YJOwgP4CEBtiZfGh%2BglOeweKBZ2m2WF%2BPZuTPRqvky%2ByXieFxRP8Ndkj%2FCLTnip67oqBTXHrq%2Bor1nUTIKbV3o7Mx9PZ%2BzHpbXUTWwj7JaZjG3tGuEwsGIzilZoyRmenfXX3JTeVIS4M6Rkhnh2xpQh7YzeFjZFiEjRzEg%2Brka7jGf61AZhVTWOR%2BXYLxHopQjzB6SXUUk3zA8IqjLPEw%2BP94lsr83cjjLxEQ%2BGJMN%2Fx06Q5UGbb6SSl5vVd0BPsv33f3%2FDrSqRSF5H4c61vbL5AbYXTuA%3D; GL_GI10=eJwNy8EKgkAUBdB5D7IkCy75AX7BgBVha7fhRly4DB1kEN4MM1PR39fZH6UUlwXYehSNvt50fb7ourmDFvDQgyfBYRCbzFz16ZlMBAVwN4KDYNeZTzW6sIKmYw6y2LdG0it8H1ZWsETkrQvehf8E%2BUyBk9tuwHEuFeidnX4jVR19; GL_CA_69489=eJxjYGBgEmHiYpCaqC%2FCJMiYzMYoyFjClT43VpSLQWjXQhEmPgY2Rj5GsAgAfJsGxg%3D%3D |
Source: global traffic | HTTP traffic detected: GET /hit?q;t44.11;r;s1280*1024*24;uhttps%3A//goo.su/V4Yfz;hRedirecting;0.6139654133916626 HTTP/1.1Host: counter.yadro.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1ddLqK0qPA8y1ddLqK002VJW; VID=3lp85N2_3k8y1ddLqL002VO- |
Source: global traffic | HTTP traffic detected: GET /ads/meta/13857141?target-ref=https%3A%2F%2Fgoo.su%2FV4Yfz&pcode-version=1199024&pcodever=1199024&comboblock-unencoded-vast=1&ad-session-id=5054591738366228975&target-id=47397569&pcode-test-ids=1194089%2C0%2C29%3B1195248%2C0%2C38%3B1183713%2C0%2C36%3B1169022%2C0%2C62%3B1177504%2C0%2C52%3B1190023%2C0%2C5%3B1199819%2C0%2C48%3B1194991%2C0%2C97%3B1167683%2C0%2C82%3B1194456%2C0%2C93%3B1164346%2C0%2C50%3B1197699%2C0%2C56%3B1195514%2C0%2C45%3B1194469%2C0%2C50%3B1199024%2C0%2C8%3B681841%2C0%2C27&pcode-flags-map=eJylWG1znDgS%2Fi98NlkkJED5poGGUQ1IrBATz26lVNiDd73r2HceJ7uXrfz3KwGZGJzM%2BOo%2BzSDoR61W99Mv%2F3hb3thC85UtQRZm7b399R%2FvU3f3sffeejggiXfhPfWHJ7H33npJkAQx8b68vxjE3mle21I0BiRou9pZJVOYARjdwnMAhEISUXxEaFq9hZ0VsjEaeGUrlYGWNoNGFHKGdLju7np73%2F81h6MYo%2BQI1zZgt8JoIbk1W%2FtzC3pna655NcPq%2F%2F7XAiXCjI4oIgNlhbSm4LbJBsRRNyELW0EmuM1FCc0M8Obh0XZ3dwtQlsToqJpZQwUWqtrsLE%2BNUNLWXEJpecZrI7ZgG%2FHLAval9VgUEvZdzGYjartqjVHy%2F4FsDF%2BVYLegG6HmN%2BA%2BJRFeSCc4HA%2Bpta15AbbksrBmsOGKSwn6tOkZYzgYAKq2NGIUsa0UuYDMCmlA53zhVQsQyhIcxwOGu67VZjy3zZW2x%2FtMVbVSp1CimJEg%2FnoUCe%2BsBtNqaXluQNu0FOnGmrVWbbE%2BadIYoWCyaFNxbZwbtmDhsrarkqebIWKeI%2Fzqfehu7948fvQuvP909%2Fv%2B7zePH3%2B6%2FdD91h9mS791H4aV%2Fef%2Bfvy8%2B3T79DD%2B%2FfDm2cP%2B%2FnZadchHBO%2FCe%2Bw%2B3z18%2Fn16%2Fflx%2FP342L257%2F86vPjgj%2B7hw%2B0k%2BvCn%2B30%2FOypN8GizBozNIOdtaUY%2FkG21On35MUVhPN79jjeGG5HaHCCzq1KlGysy%2B24tDHzHXtoXPiYM4YD4yLuYPePFc7h4JsMz9zFFQRDjSZ77NElIhHyEjgtRjGjsNng%2Fo0AWoWhQOm9sqVRtc3F56pgJDUMUDhLOq4ra2CbVojYnheIQs5FpM9EMMTl6YKpkLnTFzTI8FwAM0zAZd81%2BATkS2QZKMOfkUILZjFHXXGaluwa5mZRwkcUz08qTccnCGNORnBtegd1xmcGlzVTFxWkd4iCO2OzwqgapzcrWGmpbgeF21ZabkyCMkokVwPDCroFnZ8goCBIajWzGm51Mx8h9LvKPd%2BifnAc%2Be2%2BdXhk33JaKZ97F%2FB3IDJyxFuvTi8Wqy8M%2FAvjhFkIKY8cFnuXqcvG6AqPFhttUtY5MF29TpTYCbMVNunYZ7vtf1VpVooEXGw%2BB7o4%2FaTmw7eKrOQNbJQeFXUz9%2FnB4OjhjutT5%2FsvsJlASs4lDm9pueWOm5PtOmLVqjdWQCQ2psUqWu%2BGD01eL4yAZuSY39qtX8bou1VZIK1RjQWYp19kZGIYDeoyOI07TgHmecFINfMjAGni6HpR2H6clF9U5J8QsfHb0XFzaS