| trk.myperfect2give.com/f8686198-b0d4-49e7-b252-628961eb4475?zoneid=3287336&campaignid=8102131&bannerid=20780813&zone_type={zone_type}&user_activity=high&subzone_id=5118358&cost=0.009600&visitor_id=806575204414267392 |  18.193.209.105 | 302 Found | 0 B |
URL User Request GET HTTP/2trk.myperfect2give.com/f8686198-b0d4-49e7-b252-628961eb4475?zoneid=3287336&campaignid=8102131&bannerid=20780813&zone_type={zone_type}&user_activity=high&subzone_id=5118358&cost=0.009600&visitor_id=806575204414267392 IP18.193.209.105:443
CertificateIssuerSectigo Limited Subjecttrk.myperfect2give.com FingerprintF3:DD:33:D7:91:CB:5C:91:F3:0F:8B:13:4E:FC:E6:41:41:C7:E4:FE ValidityTue, 12 Sep 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f8686198-b0d4-49e7-b252-628961eb4475?zoneid=3287336&campaignid=8102131&bannerid=20780813&zone_type={zone_type}&user_activity=high&subzone_id=5118358&cost=0.009600&visitor_id=806575204414267392 HTTP/1.1
Host: trk.myperfect2give.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Tue, 23 Apr 2024 20:41:40 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://track.africabetpartners.com/visit/?bta=36489&nci=5983&afp0=wi93nhbuqt5454q0314jdmke&utm_campaign=28
pragma: no-cache
set-cookie: f8686198-b0d4-49e7-b252-628961eb4475-v4=EbfVrchl1b7h6eaeraK7JtnKBlpz3wLURYLfdV28Zpg; Max-Age=86400; Expires=Wed, 24-Apr-2024 20:41:40 GMT; Domain=trk.myperfect2give.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=UdhRlImO%2Fwj%2BMLz0%2FgaNJEaUKO7iSkk4UB%2Bqybl4psLukdV2dZl1lHo47lGRDkZyTAGgI%2BRq9rgprSQOyveXsmDpq8kYbS5AH3%2BM3ZsictIBVMq76A4Pj2Y38C6wg5GEBOMTN7GaZzktmFgus46Wxw%3D%3D; Max-Age=31536000; Expires=Wed, 23-Apr-2025 20:41:40 GMT; Domain=trk.myperfect2give.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
|
|
| track.africabetpartners.com/visit/?bta=36489&nci=5983&afp0=wi93nhbuqt5454q0314jdmke&utm_campaign=28 | 35.234.86.61 | 302 Moved Temporarily | 3 B |
URL User Request GET HTTP/1.1track.africabetpartners.com/visit/?bta=36489&nci=5983&afp0=wi93nhbuqt5454q0314jdmke&utm_campaign=28 IP35.234.86.61:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerLet's Encrypt Subjectafricabetpartners-tracking.cxaff.com FingerprintEF:A8:22:58:6D:D3:AB:4C:3F:0A:3E:E2:A4:4E:29:81:88:39:8E:5E ValiditySat, 13 Apr 2024 03:00:38 GMT - Fri, 12 Jul 2024 03:00:37 GMT
File typeASCII text, with no line terminators Hash43e819cfbef2c8fc69c227513504087b 3ea645da8b9c23cfcf4e75e45b2ea79c5ec89c4a 82985617ce795510ad965737efe6b5a76411b26a6d7453ff4ba680e856377bc8
GET /visit/?bta=36489&nci=5983&afp0=wi93nhbuqt5454q0314jdmke&utm_campaign=28 HTTP/1.1
Host: track.africabetpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: rhino-core-shield
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: application/octet-stream
Content-Length: 3
Connection: keep-alive
Set-cookie: winner-v=435860; Max-Age=2678400; Path=/; Expires=Fri, 24 May 2024 20:41:41 GMT; HttpOnly
expires: 0
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
surrogate-control: no-store
location: https://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
referer:
X-Cache-Status: MISS
access-control-allow-origin: *, *
|
|
| lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke |  104.18.40.150 | 403 Forbidden | 1.7 kB |
URL User Request GET HTTP/1.1lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke IP104.18.40.150:80
File typeHTML document, ASCII text, with very long lines (394) Hash2f9390a191f162680630d8949f75541b 48928907345664e1cf7230e0a68e9a7fefff9826 e199aa987fc715f65a8f8b99031932e51614816ed7602575a9a63fffc7f4b087
GET /?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke HTTP/1.1
Host: lp.winner.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Tue, 23 Apr 2024 20:41:56 GMT
Set-Cookie: __cf_bm=Ma.6Yhgx0_418HsRDNOaZic9V_7R8FjMtI26Z_ED1qI-1713904901-1.0.1.1-C7EdLTkq_qmhAuh5Hx3wEPSZHqzilQZCkbTFF37jy0rI3Le09y5tpXCkRgSFJqUo.vvhkYiK3i.FEdPnJenBJA; path=/; expires=Tue, 23-Apr-24 21:11:41 GMT; domain=.winner.rw; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8790ad03cdc056bf-OSL
Content-Encoding: gzip
|
|
| lp.winner.rw/cdn-cgi/styles/cf.errors.css | 104.18.40.150 | 200 OK | 4.5 kB |
URL GET HTTP/1.1lp.winner.rw/cdn-cgi/styles/cf.errors.css IP104.18.40.150:80
Requested byhttp://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
File typeASCII text, with very long lines (24050) Hash5e8c69a459a691b5d1b9be442332c87d f24dd1ad7c9080575d92a9a9a2c42620725ef836 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: lp.winner.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 19 Apr 2024 20:54:07 GMT
ETag: W/"6622d9ef-5df3"
Server: cloudflare
CF-RAY: 8790ad049e9f56bf-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 23 Apr 2024 22:41:41 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
|
|
| lp.winner.rw/cdn-cgi/images/browser-bar.png?1376755637 | 104.18.40.150 | 200 OK | 715 B |
URL GET HTTP/1.1lp.winner.rw/cdn-cgi/images/browser-bar.png?1376755637 IP104.18.40.150:80
Requested byhttp://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
File typePNG image data, 960 x 53, 8-bit colormap, non-interlaced Hash226dcb8f6144bdaafdfbd8f2f354be64 3785cc5b3bf52f8e398177b0ff1020b24aa86b8c 8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked |
GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1
Host: lp.winner.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://lp.winner.rw/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: image/png
Content-Length: 715
Connection: keep-alive
Last-Modified: Fri, 19 Apr 2024 20:54:07 GMT
ETag: "6622d9ef-2cb"
Server: cloudflare
CF-RAY: 8790ad04cecd56bf-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 23 Apr 2024 22:41:41 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|
|
| lp.winner.rw/cdn-cgi/images/cf-no-screenshot-error.png | 104.18.40.150 | 200 OK | 3.2 kB |
URL GET HTTP/1.1lp.winner.rw/cdn-cgi/images/cf-no-screenshot-error.png IP104.18.40.150:80
Requested byhttp://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
File typePNG image data, 178 x 175, 8-bit colormap, non-interlaced Hash0d768cbc261841d3affc933b9ac3130e aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7 1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked |
GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1
Host: lp.winner.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://lp.winner.rw/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: image/png
Content-Length: 3213
Connection: keep-alive
Last-Modified: Fri, 19 Apr 2024 20:54:07 GMT
ETag: "6622d9ef-c8d"
Server: cloudflare
CF-RAY: 8790ad04cac7b4fa-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 23 Apr 2024 22:41:41 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|
|
| lp.winner.rw/favicon.ico | 104.18.40.150 | 403 Forbidden | 1.7 kB |
IP104.18.40.150:80
Requested byhttp://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
File typeHTML document, ASCII text, with very long lines (394) Hasha8f3609e94dc81e198d4a884fcd0c58c 2764473c85983961672bceb30073b51529370b5d 4c8a3f979c0be63a264e5b875ed25ff1f40f550d780b1561f6174bcffbfdc93f
GET /favicon.ico HTTP/1.1
Host: lp.winner.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://lp.winner.rw/?cxd=cxd_36489_435860_|afp0:wi93nhbuqt5454q0314jdmke
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 23 Apr 2024 20:41:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Tue, 23 Apr 2024 20:41:56 GMT
Set-Cookie: __cf_bm=hwUObItKcpV0vcvU5QZbtue6FdJIYBr3CUJf6sfJ3eI-1713904901-1.0.1.1-jr0fbBTKyh27QXJZ1t96b77vVbATcLk6hJId7N_xUBuSE03nW8Wfham_FMjxzRfNu_jiYFbxIUvHzgDAph9oog; path=/; expires=Tue, 23-Apr-24 21:11:41 GMT; domain=.winner.rw; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8790ad050b08b4fa-OSL
Content-Encoding: gzip
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml |  35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=Jney8F1kRDOXbgFNXnTnpqs0VTmK1d_krzffla0Ms69_7TporIhQ1re7oayQl6lXwitQkRxIzvXBneDnLn9wJsdY4h6oY4UECRO1FSUIopJ_6J9zSj6aA8AoejGmo0UP
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 23 Apr 2024 20:39:51 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 128
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|