Report - walter-larence.com/54b9601c-08a1-449d-bb9f-8b82c27d7369

Report Overview

Submitted URL
walter-larence.com/54b9601c-08a1-449d-bb9f-8b82c27d7369
IP
18.193.146.82
ASN
#16509 AMAZON-02
Submitted
2022-12-08 15:57:47
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	172.64.155.188
support.palmsbet.com	390324	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	613 B	2.2 kB	78.128.60.140
tgtag.io	35595	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	24 kB	34.120.230.83
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	29 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	21 kB	216.239.36.178
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	746 B	349 B	157.240.200.35
stream-683.optimove.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.5 kB	107.154.132.121
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
adservice.google.com	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	737 B	983 B	142.250.74.34
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	516 B	694 B	216.58.211.4
sdkuaservice.optimove.net	38822	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	615 B	34.102.240.186
click.trafficguard.ai	106951	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	787 B	1.6 kB	35.201.93.108
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	419 B	2.0 kB	142.250.74.106
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	950 B	563 B	216.239.32.36
s2.adform.net	4693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	452 B	37.157.2.248
walter-larence.com	208176	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	872 B	18.193.146.82
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	727 B	1.1 kB	142.250.74.130
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	515 B	694 B	142.250.74.35
sdk-cdn.optimove.net	23584	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	815 B	50 kB	35.201.79.141
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.3 kB	71 kB	142.250.74.131
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	32 kB	157.240.200.14
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	59 kB	34.120.237.76
api.trafficguard.ai	35142	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	521 B	1.1 kB	34.120.121.20
realtime-683.optimove.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.6 kB	107.154.132.121
www.palmsbet.com	205486	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	580 B	958 B	104.26.7.160
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.69.31
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	74 kB	142.250.74.168
512974245.fls.doubleclick.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	734 B	1.2 kB	142.250.74.38
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	604 B	711 B	108.177.14.154
track.adform.net	3564	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.9 kB	37.157.5.142
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
assets.palms.bet	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	423 B	328 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	walter-larence.com/54b9601c-08a1-449d-bb9f-8b82c27d7369	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	www.palmsbet.com/scripts/init.min.js?v=13.2.5.5	12 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/init.min.js?v=13.2.5.5 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:06 Times Seen182 Hash ca334ff65b6a9b901c3cced53c428859 03958d996ef9d273213c06c1426a644614afd225 10cd77a8fc1a1c097181884ec32999c90ede84ca0f659be37dbd1d60548f24c4 Loading...

	www.palmsbet.com/scripts/jquery.touchSwipe.min.js	20 kB	2023-03-07	2024-04-19
Pretty URL www.palmsbet.com/scripts/jquery.touchSwipe.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-19 11:28:16 Times Seen1349 Hash f60ff05469d1757996d85f4172d4ff4d 69c8c9f0e0fbd9bd9fd1df6c1a18067256d46c73 a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1 Loading...

	www.palmsbet.com/scripts/jquery.ctdata.js?v=1.635821123.1.1	16 kB	2023-03-07	2023-03-12
Pretty URL www.palmsbet.com/scripts/jquery.ctdata.js?v=1.635821123.1.1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-12 18:12:42 Times Seen1 Hash 9a7efb9b7b85a762cd32d4641b6794ad 367bcc0ad038d630b95192044dbf0df5d286e250 b97c1f79875686cfe870a9a35c5e68655eb52aae26db7cee8f7176a3609250df Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	1.4 kB	2023-03-08	2023-03-11
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:21 Last Seen2023-03-11 14:26:01 Times Seen1 Hash 01d7231f34458291d406ee2684c23cad 877ec453c6928187c56fca0dd6e3fdd71914c966 d8cf0ce8078c7d92fa874e5e4c99e6127e59799b2a37d4457a8b1d7c42f0f9b2 Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	486 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen102 Hash 4bf0aa2f78f73e506c9c41e11b2ed668 765f0150868fd4bf93e9dd5aa08120deea76d17f fed9a303461e7fb3eb2dcdd78d767d0e1a2b74269040d3600801a8ee48430df1 Loading...

	www.palmsbet.com/scripts/custom.min.js?ver=1670515059457	96 kB	2023-03-08	2023-03-09
Pretty URL www.palmsbet.com/scripts/custom.min.js?ver=1670515059457 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:21 Last Seen2023-03-09 01:46:11 Times Seen1 Hash e845db1a48b3c32c5206a72861f993df 0318a7bc21daaa37e689af625355a2d62f708b83 0b7f881b80d68947ba4f3679e77cfddaee811afe69752304260ad6fb8f7436ca Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	398 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 251a94ead46a2087e9b63b61610e48e4 f5c3b3f68055117c6be373bc58a20bc6cb11fe70 b7a2547e06d5ad19132f839bbad92fb9319dec4f287af0adedf16a996a6bbff2 Loading...

	http:blank	684 B	2023-03-08	2023-03-08
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-08 22:22:22 Times Seen1 Hash 7bfacef415b1a44ab3e883a7e0264161 89250dcc98179b97008edd0e9bd7c890ced0b009 0b89f8a16b837e4ebb32fffd4fb888d2da6afb5b1c66faa775c684776ca2cba2 Loading...

	www.googletagmanager.com/gtag/js?id=G-JRG87C8CG6&l=dataLayer&cx=c	221 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-JRG87C8CG6&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-08 22:22:22 Times Seen1 Hash b24721701a9162772d07eaa3d34f8bfb 713cddcb512a0f58623db8fd68c2f093daa600fc f49db8fed83e0b198f4dfa449b32908bfa1071910c222c046d43ae9ffec2a458 Loading...

	www.palmsbet.com/scripts/tab-changes.js	2.3 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/tab-changes.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen114 Hash ba13a046eb6675504d302089ca3da833 57c98951979844da1387df31a1a6b010fde86a3f 9db56cd2ede27233110647b8b4e459e90f00210012c4f5373fc894daf8bc9aa2 Loading...

	connect.facebook.net/en_US/fbevents.js	105 kB	2023-03-08	2023-11-28
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:10 Last Seen2023-11-28 17:55:58 Times Seen32 Hash a6ef7927128284961f4cadd572969f09 57e21033749687e69de710a0be6d4244edf1fe51 d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	831 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 560bac8e455828b0dc18867c6cd9da8b e2a4b0d6a4311c0e34e6233fc6b19b31e5f3172e 3ed5000e5dd3b1a4c8b0da26e131122d6cf65cf1b5ca3f0fb68f85923b512caa Loading...

	track.adform.net/serving/scripts/trackpoint/async/	80 kB	2023-03-08	2023-08-22
Pretty URL track.adform.net/serving/scripts/trackpoint/async/ IP 37.157.5.142 ASN #198622 Adform A/S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:25 Last Seen2023-08-22 11:18:40 Times Seen317 Hash 83eb5fafaa212c785f7393188ff817aa b5a60e05523c4f55e93610169b2c6da627553fc6 45d4d6fe0a9cae467c6d81caef5edd008c13b70ba403979f979fb86d400378c7 Loading...

	track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24	143 B	2023-03-07	2023-04-05
Pretty URL track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24 IP 37.157.5.142 ASN #198622 Adform A/S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-04-05 01:52:35 Times Seen29 Hash ac85d2c997b3f5e1e7ef149366314ae6 0dc97a787c9e8cc8a20fa1ceacc3cad6c1813117 2cb28c9975c6810c04af98601f68a5464fe4929be832e4ba3866e367777155eb Loading...

	www.palmsbet.com/scripts/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL www.palmsbet.com/scripts/jquery-3.6.0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 10:48:39 Times Seen261135 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	1.5 kB	2023-03-08	2023-03-08
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-08 22:22:22 Times Seen1 Hash 3afaf3e3c674bcb8a3ceaeba634f30e9 765cad30282ac7300667d18e41e5cca181775b1b c7062a144a7f28275cd9783d95eefb5f90160a29e76a6ea166ef2a66015b7db6 Loading...

	sdk-cdn.optimove.net/websdk/sdk-v2.0.js	49 kB	2023-03-07	2023-03-17
Pretty URL sdk-cdn.optimove.net/websdk/sdk-v2.0.js IP 35.201.79.141 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:10 Last Seen2023-03-17 10:40:59 Times Seen1 Hash 763bf6946756f39b98b57a6d2f63d0fc 8ff78f733c928d93aeb0ebeb0a64e8fd327cf53e ea72d65510bac7fef3b1e6751e4498724db58a44048c20418e4ab0b150b8f5ca Loading...

	www.palmsbet.com/scripts/banner-default.js?v=960.1.1?v=1670515059933	9.7 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/banner-default.js?v=960.1.1?v=1670515059933 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen111 Hash c2445e7c5b2725bd4a0a7bf9d4b47a42 5cb511abcefb3afb4352edb712b70c49b967bf9c 8f44a77c10b749fc6176d074eb2760aae3e945225264878bb95615cc3b7becbb Loading...

	sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js	106 kB	2023-03-08	2023-03-09
Pretty URL sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js IP 35.201.79.141 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-09 17:23:48 Times Seen1 Hash 044186cd97dfb7feaac6bdbc1d29ffee f0f03a516dd432389cd76c9d6761144c5cff4b22 74e9098d71a225bd119495adda9db59c4600412a4102f89c45e440b5a3d17c74 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 216.239.36.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending	141 B	2023-03-07	2023-04-05
Pretty URL www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending IP 104.26.7.160 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-04-05 01:52:35 Times Seen20 Hash 8cf0d2fe46ea3e75d1aea4708a499488 a37f980aa8b855df6489ca02e5af5dddddf81f9a a1a8f8141097ad0e2373121faf95e8fbbe5411b87c422ade042f84bc3daeac21 Loading...

	tgtag.io/tg.js?pid=tg-g-007125-001	79 kB	2023-03-08	2023-03-12
Pretty URL tgtag.io/tg.js?pid=tg-g-007125-001 IP 34.120.230.83 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-12 18:12:42 Times Seen1 Hash 5a7a281d7b06e759000f119a2c803061 018ed88cd45902d17c2601621f86921ea22b49c3 aab44eee17a28478192573a12cbc73eda218fddce11dc358142198eff4047764 Loading...

	http:blank	600 B	2023-03-08	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-11 14:26:01 Times Seen1 Hash dfeb498b886d34444fea1bb696f520ab 82b53d5fd29e659c6394d3684bafc3121c54f52e 2713d9961aea3169b941e4344eeefa2a2230d9bf529baf38d3204fbe1e82d6af Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	482 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen102 Hash fe73caa22b8f6c03742a7ffc028a58ff e60417d12e8953b2b85256bcafa881297160fe36 17bc2ec491a3a53968625e018de6dfb9d3d96c441ce67578c843383f1aeafe6c Loading...

	connect.facebook.net/signals/config/1297212827064514?v=2.9.89&r=stable	300 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/signals/config/1297212827064514?v=2.9.89&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:22 Last Seen2023-03-08 22:22:22 Times Seen1 Hash d71c26c04c4121225c5e760d0fa66655 cbeb1ea8c5c2836f55a3da9b7d6641c65c4f7de4 d17be8515b400ac64297c8798c62755233aada93bb9a299df5b0901660009ab4 Loading...

	www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972	341 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 5e9ed7a18696f9b7182fb8f1c08be46b 1a24b49762f246a4a2c7e73cf1e3ccb971f25bbd 1e9823d571bcd1138a9dae0664827fcb816c423d1cb6941389c74d7e711bb516 Loading...

HTTP Transactions (80)

URL IP Response Size

walter-larence.com/54b9601c-08a1-449d-bb9f-8b82c27d7369

18.193.146.82

302

0 B

URL HTTP/1.1
walter-larence.com/54b9601c-08a1-449d-bb9f-8b82c27d7369
IP
18.193.146.82:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /54b9601c-08a1-449d-bb9f-8b82c27d7369 HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Thu, 08 Dec 2022 15:57:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending
Pragma: no-cache
Set-Cookie: 54b9601c-08a1-449d-bb9f-8b82c27d7369-v4=HG2K4dEFDVDACrWrqBVwnkEBT4F17mrmmY4Som8jsAc; Max-Age=86400; Expires=Fri, 09-Dec-2022 15:57:36 GMT; Domain=walter-larence.com; Path=/; HttpOnly
cc-v4=MubKO5Dldm%2Fq7X6uITHjVIKjyGVT4GyjcR7aLWYyg%2FYbXi%2BDwi7QRp8%2BbWBBb5xGkOUILk%2FgntkJ2DlW7SLN7cztBPqUKw7ErSG99Dv1jQpG48BwAIcZETxwrV0SmfUaZcPDlcDKeR1Und6LoB7m3w%3D%3D; Max-Age=31536000; Expires=Fri, 08-Dec-2023 15:57:36 GMT; Domain=walter-larence.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14719
Expires: Thu, 08 Dec 2022 20:02:56 GMT
Date: Thu, 08 Dec 2022 15:57:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11700
Expires: Thu, 08 Dec 2022 19:12:37 GMT
Date: Thu, 08 Dec 2022 15:57:37 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 15:08:13 GMT
content-type: application/json
age: 2964
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c3470f9f0a4df8c1496b577fa9435ff6
f83b0226bb57ed0f3e1acdad61b940414add135d
f542579e3a3577a646babde862282c2afda6ed784360a915143216100f7a3d91

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F542579E3A3577A646BABDE862282C2AFDA6ED784360A915143216100F7A3D91"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9095
Expires: Thu, 08 Dec 2022 18:29:12 GMT
Date: Thu, 08 Dec 2022 15:57:37 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: RRjfeobYjBRoydtF9/OKVnbEQW7r9I+7wt2JR1Nz4WhWgqQn4vKJURgRUn9E/o/IqL4LaQ0NBw0=
x-amz-request-id: MQWKDS6FJH2FDMCP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 15:49:50 GMT
age: 467
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4ff31a88f869fadb7e94ea85a8b1c2e7
e039829e5a70b34d844eca0c79132488b14fe361
3c628e605f6bcb3d60da7f412b6a7361ee50ab5ba4f25c5a5b0eee3401a07f28

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1065
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:37 GMT
Last-Modified: Thu, 08 Dec 2022 15:39:52 GMT
Server: ECS (amb/6BB6)
X-Cache: HIT
Content-Length: 280

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 15:57:37 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4ff31a88f869fadb7e94ea85a8b1c2e7
e039829e5a70b34d844eca0c79132488b14fe361
3c628e605f6bcb3d60da7f412b6a7361ee50ab5ba4f25c5a5b0eee3401a07f28

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1065
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:37 GMT
Last-Modified: Thu, 08 Dec 2022 15:39:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 15:07:58 GMT
age: 2979
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 318
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:37 GMT
Last-Modified: Thu, 08 Dec 2022 15:52:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abee4fcbb9881c586cb84f22cb36ad8
70cf3f72fa65156ebe19a447aa810cc3ebb22577
9f4f7866f347fb90785d7de7bfd165c2f28a6d44db21cd56dc9987946bbce54b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9F4F7866F347FB90785D7DE7BFD165C2F28A6D44DB21CD56DC9987946BBCE54B"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17332
Expires: Thu, 08 Dec 2022 20:46:29 GMT
Date: Thu, 08 Dec 2022 15:57:37 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1d4/3NyyQ-iGzDY

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/3NyyQ-iGzDY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8108b47c3f4fa73d52826e51695da4a2
120faac43f07a2afacab185b2e4bf695dac55740
2655adaf2ccb9780c3cc947a77a486614666fa96ebb4889d9a911e142a309920

HTTP Headers

POST /s/gts1d4/3NyyQ-iGzDY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.148.69.31

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.69.31:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Sd8Bmo1ONTAwVr1Nqb+I9A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aonX+C8dNt/CyvGFwAz0l+qK8cQ=

click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&site_id=&partner_click_id=w1ako9j1bap75f1l250otob2&keyword=w1ako9j1bap75f1l250otob2&click_time=2022-12-08%2017-57-37&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115

35.201.93.108

302 Found

280 B

URL HTTP/2
click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&site_id=&partner_click_id=w1ako9j1bap75f1l250otob2&keyword=w1ako9j1bap75f1l250otob2&click_time=2022-12-08%2017-57-37&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115
IP
35.201.93.108:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with no line terminators
Size
280 B (280 bytes)
Hash
fe7fd3093a29b2164f6545359460ee21
047d091be34c639de0beb7395c98c5d11aa3e3be
2b23cfce603e8bb6e0b8e67a179bab04e8cd213b81ceaa83542ecff5acd8f414

HTTP Headers

GET /?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&site_id=&partner_click_id=w1ako9j1bap75f1l250otob2&keyword=w1ako9j1bap75f1l250otob2&click_time=2022-12-08%2017-57-37&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115 HTTP/1.1
Host: click.trafficguard.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
expect-ct: max-age=0, report-uri="https://trafficguard.report-uri.com/r/d/ct/reportOnly"
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: geid=0f01002b-1113-45f2-a700-216b63920972; Domain=.trafficguard.ai; Path=/; Expires=Fri, 08 Dec 2023 15:57:38 GMT; HttpOnly; Secure; SameSite=None
geid-legacy=0f01002b-1113-45f2-a700-216b63920972; Domain=.trafficguard.ai; Path=/; Expires=Fri, 08 Dec 2023 15:57:38 GMT; HttpOnly
DC_27f0dd1cd8fd1ea7a1331b53d10294e0=ScX964GiTffdgCjkwS+BAu+c6MdHowKa9EAv0gJw/kpNfDom9zYeBBojynkd2SyHNLWEmY8KU37r2+o82IjhC4JKxsGRR3mPMi3Xy0u5gOAsB/6vFuFsFManRbUvwdSghR0XwVCC; Domain=.trafficguard.ai; Path=/; Expires=Fri, 09 Dec 2022 15:57:38 GMT; HttpOnly; Secure; SameSite=None
DC_27f0dd1cd8fd1ea7a1331b53d10294e0-legacy=ScX964GiTffdgCjkwS+BAu+c6MdHowKa9EAv0gJw/kpNfDom9zYeBBojynkd2SyHNLWEmY8KU37r2+o82IjhC4JKxsGRR3mPMi3Xy0u5gOAsB/6vFuFsFManRbUvwdSghR0XwVCC; Domain=.trafficguard.ai; Path=/; Expires=Fri, 09 Dec 2022 15:57:38 GMT; HttpOnly
location: https://www.palmsbet.com/bg/pages/wheel-lending/?marketingCode=PB-0115&tgclid=00010005-059c-4daa-a100-22d763920972
vary: Accept
content-type: text/html; charset=utf-8
content-length: 280
date: Thu, 08 Dec 2022 15:57:38 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/3NyyQ-iGzDY

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/3NyyQ-iGzDY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8108b47c3f4fa73d52826e51695da4a2
120faac43f07a2afacab185b2e4bf695dac55740
2655adaf2ccb9780c3cc947a77a486614666fa96ebb4889d9a911e142a309920

HTTP Headers

POST /s/gts1d4/3NyyQ-iGzDY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

support.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending&or_ref=

78.128.60.140

302 Found

1.3 kB

URL HTTP/2
support.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending&or_ref=
IP
78.128.60.140:0
ASN
#31083 Telepoint Ltd

File type
data
Size
1.3 kB (1292 bytes)
Hash
2e533b7e4e8f72e56bdbf41d48a03555
985319f3e85c436a8709df0fe562bc79e3734c72
00589d62dda7677f6467f0f0690d4dfe20cacf5709227f661eeecae3c1e1d700

HTTP Headers

GET /affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending&or_ref= HTTP/1.1
Host: support.palmsbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

HTTP/2 302 Found
content-encoding: gzip
vary: Accept-Encoding,Origin
set-cookie: affClick=%7B%22marketingCode%22%3A%22PB-0115%22%2C%22banID%22%3A%22%22%2C%22clickid%22%3A%22w1ako9j1bap75f1l250otob2%22%2C%22ns%22%3A%22w1ako9j1bap75f1l250otob2%22%7D; expires=Sat, 07-Jan-2023 15:57:37 GMT; Max-Age=2592000; path=/; domain=palmsbet.com
marketingCode=PB-0115; expires=Sat, 07-Jan-2023 15:57:37 GMT; Max-Age=2592000; path=/; domain=palmsbet.com
location: https://click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&site_id=&partner_click_id=w1ako9j1bap75f1l250otob2&keyword=w1ako9j1bap75f1l250otob2&click_time=2022-12-08 17-57-37&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 15:57:37 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

859 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
859 B (859 bytes)
Hash
6718c8a888f9f8d7fbc98a44c484608e
466df860398a9433b72ba3aaaa9117575deb4ceb
e1972c947802d3a18e27505f65187a75bad7d6acb2649350b995fe763e82bd5f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

33 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Applesoft BASIC program data, first line number 22\012- data
Size
33 kB (32865 bytes)
Hash
5254fb890f9ca12de855c19b097622d8
9a9f5fccf725f511d631b4a6cc94a9779f4c3408
c35aa91e7ea2d94e3cb3136f83c2ead1e40411caae9aa08f08584afa7ac546b4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-W23TMFB

142.250.74.168

200 OK

73 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-W23TMFB
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (8066)
Size
73 kB (72846 bytes)
Hash
9c61ced72524e1335eb75498540e6c86
342cc2664d867d53967d872fe35a6f100b44d642
a490f2781a1c2f29998d3baa2722ac388291d5979402bb578dea87881b949abc

HTTP Headers

GET /gtm.js?id=GTM-W23TMFB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 15:57:38 GMT
expires: Thu, 08 Dec 2022 15:57:38 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72846
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

6.4 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
6.4 kB (6379 bytes)
Hash
f4e2c289a0a696af5c80daf75ccd5aaf
c0b955da7cefbeaf9b55b85a06949ab1fc6c9278
ecc1cb05baa76767b8e5f78a4c62bc86f9e6889ccbe37b711fffa8f5226933b0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

2.8 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
2.8 kB (2831 bytes)
Hash
b4e074ffede6e0c0493ef989f5cfb88c
278f69bbdf5af2b2d3e6abc8740aded6846acd17
04e8af4f008730c84968fe8419a63f3b7fe2ad3fa81f13694488600a81fc2fdd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/X8hj4uttkxY

142.250.74.131

200 OK

859 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/X8hj4uttkxY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
859 B (859 bytes)
Hash
484f9a398315fb98f43129bbfc58b3ba
c3cb4da54cf2371139a6edf18c0708db27dc489b
69ec3d49e4bf3656806a809309c850b5659ad7fe4d9cb0a3b2346e34c3862f9a

HTTP Headers

POST /s/gts1d4/X8hj4uttkxY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tgtag.io/tg.js?pid=tg-g-007125-001

34.120.230.83

200 OK

23 kB

URL HTTP/2
tgtag.io/tg.js?pid=tg-g-007125-001
IP
34.120.230.83:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23252 bytes)
Hash
5ae7fd84e73cc02591dc4ea376966a7b
41c775b24e5f040d331b1f985663fec9e46870ee
9e44e3d0899676a75f6ac7019813475cadf9dddfbf23c526ea1a82c426021536

HTTP Headers

GET /tg.js?pid=tg-g-007125-001 HTTP/1.1
Host: tgtag.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycdsXEyHZofSydD9RwBxISSlxorw8eU6FUI_JG2Q5RkPPs4fQpJBzPJ-hk6k6qG2iqdJy5JU5rBmKDV9d2e-OjMDQPB2vfMS5
x-goog-generation: 1670244518023196
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 23252
content-encoding: gzip
x-goog-hash: crc32c=N/2l/w==, md5=Wuf9hOc8wCWR3E6jdpZqew==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 23252
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
server: UploadServer
date: Thu, 08 Dec 2022 12:51:46 GMT
expires: Fri, 09 Dec 2022 12:51:46 GMT
cache-control: public, no-transform, max-age=86400, s-maxage=86400
age: 11152
last-modified: Mon, 05 Dec 2022 12:48:38 GMT
etag: "5ae7fd84e73cc02591dc4ea376966a7b"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/X8hj4uttkxY

142.250.74.131

200 OK

15 kB

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/X8hj4uttkxY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
15 kB (15081 bytes)
Hash
3f8e1fc0cfc3cff91646ce61eb0aa8f8
d18bbbc654b64962fe4401651de9b19668d5160b
a9cd3188623a823ebcc7e28a398a6f6251240c9ea046bccaecb7c868d52e5ed0

HTTP Headers

POST /s/gts1d4/X8hj4uttkxY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

9.7 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
9.7 kB (9673 bytes)
Hash
17bfebde3cc79badde62be8ce380268d
95118b4b2bbe2145393af48f2805034cddeb6600
920a86982d291670a87d4f1bf3ad1eeee385040a7a12abda709b673d2b045cd4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:38 GMT
Server: ECS (amb/6BA2)
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

assets.palms.bet/uploads/WinterWheel_1920x600_bg.jpg

188.114.97.1

200 OK

328 kB

URL HTTP/2
assets.palms.bet/uploads/WinterWheel_1920x600_bg.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x600, components 3\012- data
Size
328 kB (327822 bytes)
Hash
c448028bb3d94e9ded3685bc367a59e6
5815b1149b9e5583a3e074b0102a5266e9614e39
f75c90ea6b269d66441af1bae32a36514b277686625b499ace838af7a1241b24

HTTP Headers

GET /uploads/WinterWheel_1920x600_bg.jpg HTTP/1.1
Host: assets.palms.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 08 Dec 2022 15:57:39 GMT
content-type: image/jpeg
content-length: 327822
last-modified: Thu, 03 Nov 2022 08:36:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erIU0wifbjGZZKWoQVFLeLLMdJCMnjJCH4Fz5%2BWqiyjb7VkDlaUuWvAwREQ%2FaX7Di2aHGzVRNANQdZExPYg5lqW9k3Wo9NPSp3rvkXgQqjOXYfZweWI86uRPlP0qD%2Fm%2F6jZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7766b2aeafde0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

512974245.fls.doubleclick.net/activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972?

142.250.74.38

200 OK

306 B

URL HTTP/2
512974245.fls.doubleclick.net/activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972?
IP
142.250.74.38:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (559), with no line terminators
Size
306 B (306 bytes)
Hash
85f828d8a780379a78fd75401f075420
9419657cf17d09e9badcb876b6acb4c61cfea7bc
cac8a8d02649a443e1784e4e89795e62e9ebd1e07601d8b8514eade2aa27a55d

HTTP Headers

GET /activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972? HTTP/1.1
Host: 512974245.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 15:57:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 306
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 16:12:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0ff333bec9f1d35333c3a7f6fad8a936
af6fd1e6436aa1412ff668c46da66f51b1e7cb80
dbde184120758857ba8370e8b407aae29dd50fa7200f5515e8129ee3d9989bd3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Last-Modified: Thu, 08 Dec 2022 15:57:38 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7d047c6733f9c8d5998cae08d314f084
c23a8dce8a76dd01e22650fc1c19af2bae963008
d13c4f663e010387e21eece93c733faf5f2c3f9ff8ffca7aad99235aa990bea5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 651
Cache-Control: max-age=127901
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Etag: "63915785-1d7"
Expires: Sat, 10 Dec 2022 03:29:20 GMT
Last-Modified: Thu, 08 Dec 2022 03:18:29 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
82fe344091a7fb91113742b06e991694
8beb6c9547d3b04b341e03559bc868d9d8eb4f95
315eca86217123eed9a0817b39026b72ff82e16e68f938a2bf683999bf90cdbd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Last-Modified: Thu, 08 Dec 2022 14:09:31 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

216.239.36.178

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.36.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 14:41:08 GMT
expires: Thu, 08 Dec 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4591
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

157.240.200.14

200 OK

30 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
data
Size
30 kB (30203 bytes)
Hash
dfb4355991fecaed5b5f22dc894a28d1
220ef2d85a251f55854359dc283407e4c818fc3b
7031aa56c2aade3b75bf58a2cbd82b782a17031d7c52748bfd8ec5da3ee5113c

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: jPBLIAB2FKqWlDT4JZ682EfK8C3FKajDzHunshPLEBqkM2khIBvTMZ5MdeiBlvBrA0GI36gpcvecn4mkU0TXIQ==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1679558926
date: Thu, 08 Dec 2022 15:57:39 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

142.250.74.106

200 OK

1.3 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.3 kB (1268 bytes)
Hash
2e1d7470a01b2b09dad331165df32b70
24a8471c081c8ed8f557fe473d6718ebfaa05e96
dd75dc839999200f1cde02044dc8b605b09c5ca66dd8a5fc7375ea61ed7e4deb

HTTP Headers

GET /css2?family=Roboto:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 15:57:38 GMT
date: Thu, 08 Dec 2022 15:57:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

15 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
15 kB (15188 bytes)
Hash
18848020a33d1f5dfb25e5f43286e9ae
2b869125ac881686263d9909b7f77dfdff3c324d
e06ad858a9c3db513e34952d2239a7f61ba9860cec0f681e9e850d708dc7c29f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 651
Cache-Control: max-age=127901
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Etag: "63915785-1d7"
Expires: Sat, 10 Dec 2022 03:29:20 GMT
Last-Modified: Thu, 08 Dec 2022 03:18:29 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&gjid=259611708&_gid=168287658.1670515059&_u=YCDAgEABAAAAAEAAI~&z=715299945

108.177.14.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&gjid=259611708&_gid=168287658.1670515059&_u=YCDAgEABAAAAAEAAI~&z=715299945
IP
108.177.14.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&gjid=259611708&_gid=168287658.1670515059&_u=YCDAgEABAAAAAEAAI~&z=715299945 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.palmsbet.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Dec 2022 15:57:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/vKqCWYpZukg

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/vKqCWYpZukg
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
388b9656fdfed5954714ddf87e441f54
e666757132d4dbb90a236d3e45ae54d211d25726
d700aca6348134d4a90aa6451795ec4e062c9e8364093906b99271e9f57234fc

HTTP Headers

POST /s/gts1d4/vKqCWYpZukg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14869
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 15:57:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14869
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 15:57:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14869
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 15:57:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14869
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 15:57:39 GMT
Connection: keep-alive

adservice.google.com/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972

142.250.74.34

200 OK

303 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (558), with no line terminators
Size
303 B (303 bytes)
Hash
0e132deb734432a66617b44494ecb32b
23cbf29233c5c3eaa02744b4bf0d027713ea13cc
ddacfcc03af6e8f10466920d22684ed59c7de10e2e391a5a9cf9674bb0531f17

HTTP Headers

GET /ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://512974245.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 15:57:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 303
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7268 bytes)
Hash
24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wFqXeAYHSBcj85PiuqhV790clAMWg_NHMCO5Q5WARXDaohFWZdeCig==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:19:17 GMT
age: 59902
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9596 bytes)
Hash
c408efaa98ac2ce63bb1618368d10c15
a51bbb49ebd862d04eaee465d0a35b22dcd21391
077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcHU93cetsY4-vWHpT2xXozH1T7J3_1X8n6Yjd6lOuF8HbkpTQDerg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
content-type: image/jpeg
age: 63855
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EeYw3qxRNMEhtLkUrHQe5b1H_f2k-5BWSZV4LEZ9U64rqm7Addv_Dw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 06:56:32 GMT
age: 32467
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8659 bytes)
Hash
b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 58927
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7801 bytes)
Hash
8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 60064
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12534 bytes)
Hash
57be99ac898a37d73f2ba4a24f56248f
04e32eb45581201a6a1863200e4d139df48285e6
a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 60821
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.trafficguard.ai/tg-g-007125-001/api/v4/client-side/validate/event

34.120.121.20

200 OK

61 B

URL HTTP/2
api.trafficguard.ai/tg-g-007125-001/api/v4/client-side/validate/event
IP
34.120.121.20:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
61 B (61 bytes)
Hash
1ee7cd02b35c7097455eca23d537d40b
f95ae0ab0201aaef86698c9ac66d680fd4e046a0
18cccf9f3ae615df065ef20111e050bb202254d4cf780c150927f51d00d6bffc

HTTP Headers

POST /tg-g-007125-001/api/v4/client-side/validate/event HTTP/1.1
Host: api.trafficguard.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 2363
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expect-ct: max-age=0, report-uri="https://trafficguard.report-uri.com/r/d/ct/reportOnly"
x-xss-protection: 0
x-content-type-options: nosniff
access-control-allow-origin: https://www.palmsbet.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Requested-With, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
set-cookie: geid=01010049-2777-4b98-9b00-0a5263920973; Domain=.trafficguard.ai; Path=/; Expires=Fri, 08 Dec 2023 15:57:39 GMT; HttpOnly; Secure; SameSite=None
geid-legacy=01010049-2777-4b98-9b00-0a5263920973; Domain=.trafficguard.ai; Path=/; Expires=Fri, 08 Dec 2023 15:57:39 GMT; HttpOnly
content-type: application/json; charset=utf-8
content-length: 61
etag: W/"3d-+VrgqwIBqu+GaYyaxm1oD9TgRqA"
date: Thu, 08 Dec 2022 15:57:39 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/vKqCWYpZukg

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/vKqCWYpZukg
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
388b9656fdfed5954714ddf87e441f54
e666757132d4dbb90a236d3e45ae54d211d25726
d700aca6348134d4a90aa6451795ec4e062c9e8364093906b99271e9f57234fc

HTTP Headers

POST /s/gts1d4/vKqCWYpZukg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972

142.250.74.130

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=632925481880;gtm=2wgbu0;auiddc=1982467116.1670515058;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 15:57:39 GMT
expires: Thu, 08 Dec 2022 15:57:39 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24

37.157.5.142

302 Found

734 B

URL HTTP/2
track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24
IP
37.157.5.142:0
ASN
#198622 Adform A/S

File type
data
Size
734 B (734 bytes)
Hash
58facd1d21c64e6b1ceb2b752105c9aa
0940bc69a29e01239e65f5a5b41b0f9ebd20df3f
88f8d59c0552384f83b082a48db45022410014479a022fb702b80bdac4bfbc12

HTTP Headers

GET /Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 08 Dec 2022 15:57:39 GMT
content-type: text/html; charset=utf-8
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=131106534886&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&Set1=en-US%7Cen-US%7C1280x1024%7C24
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: C=1; domain=adform.net; expires=Sun, 08-Jan-2023 15:57:39 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:57:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oebu0&_p=290491794&cid=986327644.1670515058&ul=en-us&sr=1280x1024&_s=1&sid=1670515058&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oebu0&_p=290491794&cid=986327644.1670515058&ul=en-us&sr=1280x1024&_s=1&sid=1670515058&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oebu0&_p=290491794&cid=986327644.1670515058&ul=en-us&sr=1280x1024&_s=1&sid=1670515058&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.palmsbet.com
date: Thu, 08 Dec 2022 15:57:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007

216.58.211.4

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 15:57:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-99030406-1&cid=986327644.1670515058&jid=531858313&_u=YCDAgEABAAAAAEAAI~&z=1766875007 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 15:57:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=1297212827064514&ev=PageView&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&rl=https%3A%2F%2Fwww.palmsbet.com%2F&if=false&ts=1670515059108&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670515059108.1007466077&it=1670515058634&coo=false&rqm=GET

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=1297212827064514&ev=PageView&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&rl=https%3A%2F%2Fwww.palmsbet.com%2F&if=false&ts=1670515059108&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670515059108.1007466077&it=1670515058634&coo=false&rqm=GET
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=1297212827064514&ev=PageView&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fwheel-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D00010005-059c-4daa-a100-22d763920972&rl=https%3A%2F%2Fwww.palmsbet.com%2F&if=false&ts=1670515059108&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670515059108.1007466077&it=1670515058634&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 15:57:39 GMT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9992fab2e1385fb844342dfb4c3ce59f
b69ecde6ac3eeade253f949884d7744f8b3629f9
3ad35ceb31ebc18f51c3cac6660402e37b86151e32d378b892c0e2894cbc3713

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 15:57:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 03:29:12 GMT
Expires: Thu, 15 Dec 2022 03:29:11 GMT
Etag: "b69ecde6ac3eeade253f949884d7744f8b3629f9"
Cache-Control: max-age=559290,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7766b2b91dcbb50b-OSL

sdk-cdn.optimove.net/websdk/sdk-v2.0.js

35.201.79.141

200 OK

41 kB

URL HTTP/2
sdk-cdn.optimove.net/websdk/sdk-v2.0.js
IP
35.201.79.141:0
ASN
#15169 GOOGLE

File type
data
Size
41 kB (41387 bytes)
Hash
6b8023aa57d6d377e4942b827f0e1527
b6607f0826af604bc4bab39f095e4666b63fbc61
8c427406e6d4d5faa017ed1935aed090203c31ccac20542329def74e0a0e442a

HTTP Headers

GET /websdk/sdk-v2.0.js HTTP/1.1
Host: sdk-cdn.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtyzpl5wK3nwiXVk4SIuXPy2BBQmfNmMwanLVapU7M94MwTJVRVMkaUDZQSsnHXFN_TXPe7kJVosRXX7arN1rXwkw
x-goog-generation: 1659950707998011
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 16535
content-encoding: gzip
x-goog-hash: crc32c=xz9KiA==, md5=KdEyRrK6U4R6eXFdlWmWMA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 16535
server: UploadServer
date: Thu, 08 Dec 2022 08:12:39 GMT
age: 27901
last-modified: Mon, 08 Aug 2022 09:25:08 GMT
etag: "29d13246b2ba53847a79715d95699630"
content-type: application/javascript
cache-control: public,max-age=3600,no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9992fab2e1385fb844342dfb4c3ce59f
b69ecde6ac3eeade253f949884d7744f8b3629f9
3ad35ceb31ebc18f51c3cac6660402e37b86151e32d378b892c0e2894cbc3713

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 15:57:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 03:29:12 GMT
Expires: Thu, 15 Dec 2022 03:29:11 GMT
Etag: "b69ecde6ac3eeade253f949884d7744f8b3629f9"
Cache-Control: max-age=559290,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7766b2b99e92b50b-OSL

sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js

35.201.79.141

200 OK

7.4 kB

URL HTTP/2
sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js
IP
35.201.79.141:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
7.4 kB (7407 bytes)
Hash
2072214c66dc2c3f8c3f16520a05d906
ac2900743be301320f15503d2dcb28c98a5b2dba
630024db182b8e0d91fd3da454c986e0555e2f0a9cdd5354a809f6a4df9f0737

HTTP Headers

GET /webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js HTTP/1.1
Host: sdk-cdn.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtxnC1hgL-dzZxsDO0rTh6BGzFaWqDHhbHXwTW-LARI86pBzLUAy_RmXWHHPK-IGLQJGkQ_W9meSoTe5sojENN1SfOgC__6
x-goog-generation: 1670422439998726
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 7407
content-encoding: gzip
x-goog-hash: crc32c=Cbsd0g==, md5=IHIhTGbcLD+MPxZSCgXZBg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 7407
server: UploadServer
date: Thu, 08 Dec 2022 15:57:40 GMT
last-modified: Wed, 07 Dec 2022 14:14:00 GMT
etag: "2072214c66dc2c3f8c3f16520a05d906"
content-type: application/json
age: 0
cache-control: public,max-age=300,no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sdkuaservice.optimove.net/

34.102.240.186

200 OK

361 B

URL HTTP/2
sdkuaservice.optimove.net/
IP
34.102.240.186:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text
Size
361 B (361 bytes)
Hash
3083d0e97d9681d8731856bcc2d38dc0
0d962f0c4fd88ef4e6613e5ea47e5998f13ac636
eb902e82d3845ac4d70e6edd86509b810996391fce4434547483a457b34f0e1f

HTTP Headers

GET / HTTP/1.1
Host: sdkuaservice.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json
date: Thu, 08 Dec 2022 15:57:41 GMT
content-length: 361
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stream-683.optimove.net/

107.154.132.121

204 No Content

0 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-request-id
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,x-request-id
access-control-max-age: 86400
content-length: 0
date: Thu, 08 Dec 2022 15:57:41 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=xs0PMVW3Qv2m9o4attTmXnUJkmMAAAAAQUIPAAAAAADtDN8bBD1vuvjVpQ3n6aJ0; expires=Thu, 07 Dec 2023 22:33:43 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_721_2816538=kvgfDmNU3DcVv5Dz84EBCnUJkmMAAAAAGVO6AcB5BbUmWsE9fMWEsQ==; path=/; Domain=.optimove.net
x-cdn: Imperva
x-iinfo: 14-103828754-103828757 NNNN CT(2 5 0) RT(1670515061027 24) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

realtime-683.optimove.net/reportEvent

107.154.132.121

204 No Content

0 B

URL HTTP/2
realtime-683.optimove.net/reportEvent
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /reportEvent HTTP/1.1
Host: realtime-683.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-request-id
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,x-request-id
access-control-max-age: 86400
content-length: 0
date: Thu, 08 Dec 2022 15:57:41 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2819049=tR4573weQPamJf0JwS0f3nUJkmMAAAAAQUIPAAAAAAAdGUVdOTi1w2sRTEp0/VqC; expires=Thu, 07 Dec 2023 22:33:43 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_721_2819049=ESnqD5iYkVEuv5Dz84EBCnUJkmMAAAAAJAyVAAhf223lUE2l9yTyDg==; path=/; Domain=.optimove.net
x-cdn: Imperva
x-iinfo: 14-103828754-103828778 NNNN CT(1 4 0) RT(1670515061027 322) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

stream-683.optimove.net/

107.154.132.121

200 OK

214 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type
data
Size
214 B (214 bytes)
Hash
80b72c1d0efadffaf0abd1a3ad28ee2e
b9869956c855f9c24f0abb44c754cb5690a728c9
c1d6726b4c937b627b54b0b49b667fa1d551904210f2124047bb617bf24769b2

HTTP Headers

POST / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 7ae2e645-a026-4a2f-9b04-5b56ac940f4d
Origin: https://www.palmsbet.com
Content-Length: 672
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"31-VBJUIz7Kde79U+OfFQjiVzm+KH0"
date: Thu, 08 Dec 2022 15:57:41 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=xs0PMVW3Qv2m9o4attTmXnUJkmMAAAAAQUIPAAAAAADtDN8bBD1vuvjVpQ3n6aJ0; expires=Thu, 07 Dec 2023 22:33:43 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_721_2816538=Uoftc0EFFEAVv5Dz84EBCnUJkmMAAAAAlwyRT5Pu6kPN883fksRPlA==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-103828754-103828757 PNYN RT(1670515061027 73) q(0 0 0 1) r(0 0) U6
X-Firefox-Spdy: h2

stream-683.optimove.net/

107.154.132.121

200 OK

66 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type
JSON data\012- , ASCII text, with no line terminators
Size
66 B (66 bytes)
Hash
8adb60ddcbac5945ce1c214abcbbae9f
5953424a11acf6d9a26fcac44a721275f3c94ee8
2afb58bc9e130c67950578a9f9c4d8e86527ca17f8e851264e64736b4cb61886

HTTP Headers

POST / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: e6634b93-9358-4ff5-8109-7bf927aba1e8
Origin: https://www.palmsbet.com
Content-Length: 656
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"31-oSnBXkG0c/UHMrnxC+1XWW+VQ2Y"
date: Thu, 08 Dec 2022 15:57:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=xs0PMVW3Qv2m9o4attTmXnUJkmMAAAAAQUIPAAAAAADtDN8bBD1vuvjVpQ3n6aJ0; expires=Thu, 07 Dec 2023 22:33:43 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_721_2816538=wS+yURvGxFEVv5Dz84EBCncJkmMAAAAAl1dqOkDAcD68YGfmiJPG4w==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-103828754-103828757 PNYN RT(1670515061027 2466) q(0 0 0 0) r(1 1) U6
X-Firefox-Spdy: h2

s2.adform.net/banners/scripts/st/trackpoint-async.js

37.157.2.248

200 OK

0 B

URL HTTP/2
s2.adform.net/banners/scripts/st/trackpoint-async.js
IP
37.157.2.248:0
ASN
#198622 Adform A/S

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /banners/scripts/st/trackpoint-async.js HTTP/1.1
Host: s2.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 15:57:39 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 29 Nov 2022 10:23:25 GMT
x-rgw-object-type: Normal
etag: W/"83eb5fafaa212c785f7393188ff817aa"
x-amz-request-id: tx0000062cf0e7d8446165f-006385e0d3-329354d9-default
access-control-allow-origin: *
cache-control: public, max-age=604800
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

track.adform.net/serving/scripts/trackpoint/async/

37.157.5.142

301 Moved Permanently

0 B

URL HTTP/2
track.adform.net/serving/scripts/trackpoint/async/
IP
37.157.5.142:0
ASN
#198622 Adform A/S

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /serving/scripts/trackpoint/async/ HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 08 Dec 2022 15:57:39 GMT
content-type: text/html
location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

realtime-683.optimove.net/reportEvent

107.154.132.121

200 OK

0 B

URL HTTP/2
realtime-683.optimove.net/reportEvent
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /reportEvent HTTP/1.1
Host: realtime-683.optimove.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 12590eb6-a211-42cc-ae36-22ae373d3172
Origin: https://www.palmsbet.com
Content-Length: 656
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,Content-Type
content-type: application/json
date: Thu, 08 Dec 2022 15:57:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2819049=tR4573weQPamJf0JwS0f3nUJkmMAAAAAQUIPAAAAAAAdGUVdOTi1w2sRTEp0/VqC; expires=Thu, 07 Dec 2023 22:33:43 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_721_2819049=Gj8bDMmi0D4uv5Dz84EBCncJkmMAAAAAGl0pPsyre8BHluLs0mzRpA==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-103828754-103828778 PNYN RT(1670515061027 2535) q(0 0 0 3) r(1 1) U6
X-Firefox-Spdy: h2

www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending

104.26.7.160

200 OK

0 B

URL HTTP/2
www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending
IP
104.26.7.160:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w1ako9j1bap75f1l250otob2&clickid=w1ako9j1bap75f1l250otob2&pages=wheel-lending HTTP/1.1
Host: www.palmsbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Thu, 08 Dec 2022 15:57:37 GMT
content-type: text/html
last-modified: Tue, 23 Nov 2021 13:23:59 GMT
cache-control: no-store
access-control-allow-credentials: true
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none'
x-xss-protection: 1
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H37H3j8TFZF6afwotf8AQQ2rCUW%2FitYDNz3eXSSG%2FnvcWXpAX4uSoWP64GlxfuRig%2FZrkB7zJ1YuyFF5ePLSBz6Ncooug55oTIW5donudPymHWpkBm0%2BaakRq1V2G8bO2O0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7766b2a3ae2eb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations