goatraffik.com/tracking.php
185.32.28.169 25 B URL goatraffik.com/tracking.php
IP 185.32.28.169:0
ASN #15699 OGIC Informatica S.L.
File type ASCII text, with no line terminators
Hash bb1ca97ec761fc37101737ba0aa2e7c5
0b99cebe565822c64ac5d84aecb00fe40e59cbd3
d98ee0e5f9399db9381014c9f890f896d3fcb272c2a7a521d0a13aa23085a284
GET /tracking.php HTTP/1.1
Host: goatraffik.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 11:03:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Refresh: 0; url=https://1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1685617423goa64787b0f85beb&pi=0
Content-Encoding: gzip
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 1.4 kB URL ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 70ffd5de338af34e36b45a6982e24233
290ccb6498e132add1a6fde8ac9a19c85b186a0e
66efe637f64a4a91901acdf83dbace7827fada10a60b7d0752b121935b46ef0c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 11:03:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Jun 2023 08:00:49 GMT
ETag: "290ccb6498e132add1a6fde8ac9a19c85b186a0e"
Last-Modified: Thu, 01 Jun 2023 08:00:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d06f8ce184a0b55-OSL
romele.ru/cl/887d9c4bddf3b660?p1=lid13czpccak9w616sgkgscws,16947923,5,12663&p2=12663&source=mysite&site=trafficcompany.com
104.21.69.131 302 Found 660 B URL User Request GET HTTP/2 romele.ru/cl/887d9c4bddf3b660?p1=lid13czpccak9w616sgkgscws,16947923,5,12663&p2=12663&source=mysite&site=trafficcompany.com
IP 104.21.69.131:443
Certificate Issuer Google Trust Services LLC
Subject romele.ru
Fingerprint A0:E3:DF:56:00:07:0C:06:BB:B1:42:75:94:EB:E2:8C:E6:5A:84:86
Validity Mon, 24 Apr 2023 01:02:39 GMT - Sun, 23 Jul 2023 01:02:38 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 5cb8c6347a08a1a0ebf9775a6670bf5b
ba976033de256c57700552c957a9fd01bb0c6f76
d29bb24026f7dcc916522d2351a9421970d00394297e227a4a95c5ee64344fa8
GET /cl/887d9c4bddf3b660?p1=lid13czpccak9w616sgkgscws,16947923,5,12663&p2=12663&source=mysite&site=trafficcompany.com HTTP/1.1
Host: romele.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 01 Jun 2023 11:03:45 GMT
content-type: text/html; charset=UTF-8
location: https://p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392
x-powered-by: PHP/8.1.18
cache-control: no-cache
x-frame-options: DENY
set-cookie: sbc887d9c4bddf3b660=eyJpdiI6IllNYjFlTXk5SU1yUHZQcm1UeWpoTWc9PSIsInZhbHVlIjoiaGFFYlZKL2FwM0RoOWRlaGQ1SXA4dz09IiwibWFjIjoiOTczZmI4ZDUwZGFkZTQyOWI0ZGViYWNkYzgxOThjMDZjMjQ3ZGM0ZDBmMDc4YTYxNDNjMzQ4NzA3NzU3OTI4NSIsInRhZyI6IiJ9; expires=Thu, 01 Jun 2023 12:03:45 GMT; Max-Age=3600; path=/; httponly; samesite=lax
vis=eyJpdiI6IjRMOXI2clVVN3lMUUtobmpCbjRvYlE9PSIsInZhbHVlIjoiRjFTMGZMTUxnZ1ZNNHJ4MXZpMEM2Zz09IiwibWFjIjoiOTBjNzViNjQ3MzQyZjEwOTgyMzUzZjc0MWZjYTMzMjJlYzczYmYzYjJmOWZkNWE2ZDFhMmZjODlmYjU1MzU5YiIsInRhZyI6IiJ9; expires=Wed, 30 Aug 2023 11:03:45 GMT; Max-Age=7776000; path=/; httponly; samesite=lax
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cl3q5I5xPJHb8a3Jk8%2Bq4BFyni1u0GzBzQLxwQDhoqUd5Sxh4vAzKOJge99s9ZQdhGZstCfqiZJjawfYa6gp4y8lN9Pc4qRqQXd2aglVUwf1JOZoHM4fymeJY8I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d06f8ca1f0d0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 1.4 kB URL ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 70ffd5de338af34e36b45a6982e24233
290ccb6498e132add1a6fde8ac9a19c85b186a0e
66efe637f64a4a91901acdf83dbace7827fada10a60b7d0752b121935b46ef0c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 11:03:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Jun 2023 08:00:49 GMT
ETag: "290ccb6498e132add1a6fde8ac9a19c85b186a0e"
Last-Modified: Thu, 01 Jun 2023 08:00:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d06f8d30df00b55-OSL
1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1685617423goa64787b0f85beb&pi=0
94.237.99.118 200 OK 754 B URL User Request GET HTTP/2 1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1685617423goa64787b0f85beb&pi=0
IP 94.237.99.118:443
Certificate Issuer Let's Encrypt
Subject *.terrifictc.net
Fingerprint E9:8D:07:AC:D1:68:9E:F0:1E:99:28:4E:12:0A:DE:64:2D:BD:77:1C
Validity Fri, 28 Apr 2023 13:54:57 GMT - Thu, 27 Jul 2023 13:54:56 GMT
File type gzip compressed data, from Unix\012- data
Hash 8d9abdccf8c4739d01ac1afcd9c12141
d904fc758f96816c624a719c2c7f5c804bda92e6
a5fe1d96dec455aaa5c92e6d0476fc894d5b22da18992359480e96b661d12708
GET /?p=12663&media_type=mainstream&click_id=1685617423goa64787b0f85beb&pi=0 HTTP/1.1
Host: 1d6ceb551fc.terrifictc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Jun 2023 11:03:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: rts-trck=1; expires=Thu, 01 Jun 2023 11:13:44 GMT; Max-Age=600; path=/; domain=1d6ceb551fc.terrifictc.net
t-uuid=5z3maxlx1650ys1pr2scggw80; expires=Wed, 01 Jun 2033 11:03:44 GMT; Max-Age=315619200; path=/; domain=.terrifictc.net
rts-trck=1; expires=Thu, 01 Jun 2023 11:13:44 GMT; Max-Age=600; path=/; domain=1d6ceb551fc.terrifictc.net
traffic-back=ok; expires=Thu, 01 Jun 2023 11:04:14 GMT; Max-Age=30; path=/; domain=.terrifictc.net
last-modified: Thu, 1 Jun 2023 11:03:44 GMT
expires: Thu, 1 Jun 2023 11:03:44 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip
X-Firefox-Spdy: h2
p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392/&mdnreturn=WDNadlpHRnRiM289
103.56.211.129 6 B URL User Request GET p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392/&mdnreturn=WDNadlpHRnRiM289
IP 103.56.211.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with CRLF line terminators
Hash ed19ca99581136d44b35bbb2240a6bf6
d0ac1626cb4713dd5e6b3ff63d818efac90ab4b3
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
GET /norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392/&mdnreturn=WDNadlpHRnRiM289 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=57473eda2bf69dbef537a2d0dd861541_545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 01 Jun 2023 11:03:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6
Connection: keep-alive
X-Powered-By: PHP/8.1.17
Set-Cookie: PHPSESSID=57473eda2bf69dbef537a2d0dd861541_545; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
Access-Control-Allow-Origin: *
103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F
0.0.0.0 0 B URL User Request GET 103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F HTTP/1.1
Host: 103.56.211.129
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 01 Jun 2023 11:03:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 286
Connection: keep-alive
X-Powered-By: PHP/8.1.17
Location: https://p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392/&mdnreturn=WDNadlpHRnRiM289
p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392
103.56.211.129 302 Found 0 B URL User Request GET HTTP/1.1 p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392
IP 103.56.211.129:443
ASN #396982 GOOGLE-CLOUD-PLATFORM
Certificate Issuer GlobalSign nv-sa
Subject *.hungama.com
Fingerprint DE:C2:A1:9B:10:8C:5D:B6:7D:2D:6C:80:01:2E:D1:37:53:A8:F0:3C
Validity Tue, 07 Feb 2023 08:08:59 GMT - Sun, 10 Mar 2024 08:08:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4642842392 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 01 Jun 2023 11:03:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6
Connection: keep-alive
X-Powered-By: PHP/8.1.17
Set-Cookie: PHPSESSID=57473eda2bf69dbef537a2d0dd861541_545; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F
Access-Control-Allow-Origin: *
103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F
0.0.0.0 0 B URL User Request GET 103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4642842392%2F HTTP/1.1
Host: 103.56.211.129
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
0.0.0.0 0 B URL User Request GET p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=57473eda2bf69dbef537a2d0dd861541_545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache