Report - walter-larence.com/b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9

Report Overview

Submitted URL
walter-larence.com/b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9
IP
18.193.146.82
ASN
#16509 AMAZON-02
Submitted
2022-09-05 20:56:31
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.42.74.230
512974245.fls.doubleclick.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728 B	1.3 kB	142.250.74.70
adservice.google.com	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	731 B	1.1 kB	142.250.74.162
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
tgtag.io	35595	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	22 kB	34.120.230.83
api.trafficguard.ai	35142	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	509 B	4.6 kB	34.120.121.20
www.palmsbet.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	1.0 MB	78.128.8.67
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	21 kB	142.250.74.174
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	721 B	1.2 kB	142.250.74.34
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	711 B	142.251.1.156
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	955 B	563 B	216.239.34.36
sdkuaservice.optimove.net	38822	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	602 B	34.102.240.186
bg.search.etargetnet.com	312870	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	87 kB	195.168.10.173
sdk-cdn.optimove.net	23584	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	791 B	48 kB	35.201.79.141
click.trafficguard.ai	106951	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	959 B	1.7 kB	35.201.93.108
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
www.palmsbet.com	205486	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	573 B	952 B	104.26.7.160
walter-larence.com	208176	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	873 B	18.193.146.82
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	24 kB	142.250.74.3
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	501 B	694 B	142.250.74.3
stream-683.optimove.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.0 kB	107.154.132.121
realtime-683.optimove.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	2.4 kB	107.154.132.121
s2.adform.net	4693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	425 B	37.157.2.247
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
track.adform.net	3564	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	1.8 kB	37.157.4.25
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	502 B	694 B	142.250.74.164
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	6.8 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.3 kB	93.184.220.29
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	72 kB	142.250.74.72
support.palmsbet.com	390324	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	4.8 kB	78.128.60.140
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	28 kB	31.13.72.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-05	medium	walter-larence.com/b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (29)

	URL	Size	First Seen	Last Seen
	www.palmsbet.com/scripts/jquery.ctdata.js?v=1.635821123.1.1	16 kB	2023-03-07	2023-03-12
Pretty URL www.palmsbet.com/scripts/jquery.ctdata.js?v=1.635821123.1.1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-12 18:12:42 Times Seen1 Hash 9a7efb9b7b85a762cd32d4641b6794ad 367bcc0ad038d630b95192044dbf0df5d286e250 b97c1f79875686cfe870a9a35c5e68655eb52aae26db7cee8f7176a3609250df Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	1.5 kB	2023-03-07	2023-03-07
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash fb3440540821a3cdaf9fb16090d18a55 15bb77eb4413c287a44877b7e66394dbb9aa9ca7 78ba7fb2a867904833b8ab0911d7c023cbf0a2ee9d65fa2c88c66f06bf54715f Loading...

	tgtag.io/tg.js?pid=tg-g-007125-001	70 kB	2023-03-07	2023-03-17
Pretty URL tgtag.io/tg.js?pid=tg-g-007125-001 IP 34.120.230.83 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2023-03-17 10:27:41 Times Seen1 Hash 072552913b5a9426519a0ee5e703f7e9 e72e7b9446a635e4f0e2d96ea76833e2d50ffc2c 612d1b0f62863d524dd2a5075b56db004911caf6783aae042004902c0d05d68c Loading...

	track.adform.net/serving/scripts/trackpoint/async/	83 kB	2023-03-07	2024-04-11
Pretty URL track.adform.net/serving/scripts/trackpoint/async/ IP 37.157.4.25 ASN #198622 Adform A/S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:51 Last Seen2024-04-11 07:25:49 Times Seen5 Hash 552eeb5f0620fb6f56733d625b5e719e 4b82da5898c97f3db9b9311ab0109231f90cd6d8 ee94251fea8b03da5d0dc6f8489a529c1a2d2a031d874b0ec61866784e3c73c3 Loading...

	www.palmsbet.com/scripts/banner-default.js?v=960.1.1?v=1662411378863	9.7 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/banner-default.js?v=960.1.1?v=1662411378863 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen111 Hash c2445e7c5b2725bd4a0a7bf9d4b47a42 5cb511abcefb3afb4352edb712b70c49b967bf9c 8f44a77c10b749fc6176d074eb2760aae3e945225264878bb95615cc3b7becbb Loading...

	sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js	102 kB	2023-03-07	2023-03-08
Pretty URL sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js IP 35.201.79.141 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-08 09:40:37 Times Seen1 Hash a8a743f226b75acb68c9da581a537825 a9156ae127054b36efbc94fe9bfce965f5e4580c 78b457e9cae89f8419ff0c240c6c43040ebc3d02759f3be10f26a6855374520d Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	398 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 251a94ead46a2087e9b63b61610e48e4 f5c3b3f68055117c6be373bc58a20bc6cb11fe70 b7a2547e06d5ad19132f839bbad92fb9319dec4f287af0adedf16a996a6bbff2 Loading...

	sdk-cdn.optimove.net/websdk/sdk-v2.0.js	49 kB	2023-03-07	2023-03-17
Pretty URL sdk-cdn.optimove.net/websdk/sdk-v2.0.js IP 35.201.79.141 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:10 Last Seen2023-03-17 10:40:59 Times Seen1 Hash 763bf6946756f39b98b57a6d2f63d0fc 8ff78f733c928d93aeb0ebeb0a64e8fd327cf53e ea72d65510bac7fef3b1e6751e4498724db58a44048c20418e4ab0b150b8f5ca Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	831 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 560bac8e455828b0dc18867c6cd9da8b e2a4b0d6a4311c0e34e6233fc6b19b31e5f3172e 3ed5000e5dd3b1a4c8b0da26e131122d6cf65cf1b5ca3f0fb68f85923b512caa Loading...

	www.palmsbet.com/scripts/custom.min.js?ver=1662411378490	94 kB	2023-03-07	2023-03-07
Pretty URL www.palmsbet.com/scripts/custom.min.js?ver=1662411378490 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 8f8a5705d4f32d9a63f04f15457f9ad3 4debb3516d0c44b4f24e731804798757fe7074c5 1b0f05387febb249a69afdaa26e4690c2921193df89afe8bc77a4a82d7a04482 Loading...

	www.palmsbet.com/scripts/tab-changes.js?v=1662411378864	2.3 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/tab-changes.js?v=1662411378864 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen114 Hash ba13a046eb6675504d302089ca3da833 57c98951979844da1387df31a1a6b010fde86a3f 9db56cd2ede27233110647b8b4e459e90f00210012c4f5373fc894daf8bc9aa2 Loading...

	track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46	143 B	2023-03-07	2023-04-05
Pretty URL track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46 IP 37.157.4.25 ASN #198622 Adform A/S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-04-05 01:52:35 Times Seen29 Hash ac85d2c997b3f5e1e7ef149366314ae6 0dc97a787c9e8cc8a20fa1ceacc3cad6c1813117 2cb28c9975c6810c04af98601f68a5464fe4929be832e4ba3866e367777155eb Loading...

	http:blank	684 B	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash d888bd5b7609a877eee309b001bbfe2c 4de3ac0a1b2bfa69856c987670314f7a12694620 84741c59664e7a5d26412e2c280cbd8a47b4e1c9efca36a7970deb31c91fff91 Loading...

	www.palmsbet.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662408000	37 kB	2023-03-07	2023-03-07
Pretty URL www.palmsbet.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662408000 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash f390cb8db84c647a44c7695a6c45dc71 66102b8ab31c7204cc4730455f34581c2fb507de e43a68077d0ea765e783b23814e1a1becf8f1095d88800b39023d71dfb548ad9 Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	1.4 kB	2023-03-07	2023-03-07
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 655d31dd83304f405045e269c1843ac1 72a8e61bb6d3875446f80e65385b02bed780495a c26f868c4c929e30cd5bd6377ee1734c9248836eab19d2b21a3fbe23efa2f6a8 Loading...

	www.palmsbet.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1662408000	41 kB	2023-03-07	2023-03-07
Pretty URL www.palmsbet.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1662408000 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 5a5bad1756ae5b5c43d31bb03d151263 50606057bde85fc70b5b924276f11f02dc4b3071 587306384836aa886c155e754419baf7f3b2076ef0ac301aa0144e7bd76c6c3b Loading...

	connect.facebook.net/signals/config/1297212827064514?v=2.9.79&r=stable	300 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/signals/config/1297212827064514?v=2.9.79&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 614b5b1ec5807703caaaec89c7c27015 1c930243d0f6d75746d6d1b9543ea72cb77ebd32 6058d58f10259618400b7f0ac2e2cf57cf946de6f9d172714d4c877253e65a21 Loading...

	www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending	141 B	2023-03-07	2023-04-05
Pretty URL www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending IP 104.26.7.160 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-04-05 01:52:35 Times Seen20 Hash 8cf0d2fe46ea3e75d1aea4708a499488 a37f980aa8b855df6489ca02e5af5dddddf81f9a a1a8f8141097ad0e2373121faf95e8fbbe5411b87c422ade042f84bc3daeac21 Loading...

	http:blank	600 B	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 8d6a621914173d37d7e5a6e28bab167c 1c21608cbfe9829bdba842f8f08c20d7908ecaba eb952a8b3a170f1ac27bc21f4a1f84056b194b1a3a2bd1c91a60cf87db5d0357 Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	486 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen102 Hash 4bf0aa2f78f73e506c9c41e11b2ed668 765f0150868fd4bf93e9dd5aa08120deea76d17f fed9a303461e7fb3eb2dcdd78d767d0e1a2b74269040d3600801a8ee48430df1 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-25
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 19:24:16 Times Seen842 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	www.palmsbet.com/scripts/init.min.js?v=13.2.5.5	12 kB	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/scripts/init.min.js?v=13.2.5.5 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:06 Times Seen182 Hash ca334ff65b6a9b901c3cced53c428859 03958d996ef9d273213c06c1426a644614afd225 10cd77a8fc1a1c097181884ec32999c90ede84ca0f659be37dbd1d60548f24c4 Loading...

	www.palmsbet.com/scripts/jquery.touchSwipe.min.js	20 kB	2023-03-07	2024-04-19
Pretty URL www.palmsbet.com/scripts/jquery.touchSwipe.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-19 11:28:16 Times Seen1349 Hash f60ff05469d1757996d85f4172d4ff4d 69c8c9f0e0fbd9bd9fd1df6c1a18067256d46c73 a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1 Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	482 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen102 Hash fe73caa22b8f6c03742a7ffc028a58ff e60417d12e8953b2b85256bcafa881297160fe36 17bc2ec491a3a53968625e018de6dfb9d3d96c441ce67578c843383f1aeafe6c Loading...

	www.googletagmanager.com/gtag/js?id=G-JRG87C8CG6&l=dataLayer&cx=c	211 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-JRG87C8CG6&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-03-07 12:59:42 Times Seen1 Hash 00229fcf04ecc680c2e36222c9352f06 efd7163875de4cb625a05e9c762e97e5e6a7cfc9 332efcbfd121d50398a0d08213dc24bccf125aa3e222948f6e4a7bfa61c8edd0 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2023-03-17
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:42 Last Seen2023-03-17 10:42:01 Times Seen1 Hash e61c2ad4afdaf056d9fcbbef6171d5d4 cd5f9eb9f949d9df3ccc612aef7488323d47453d 6a0f07fac6fc58958b0e670e2d2927901e052938b2162c1553817aa4cbf5de2f Loading...

	bg.search.etargetnet.com/j/?h=a10d7cc080adb592	24 B	2023-03-07	2023-04-05
Pretty URL bg.search.etargetnet.com/j/?h=a10d7cc080adb592 IP 195.168.10.173 ASN #5578 SWAN, a.s. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:15 Last Seen2023-04-05 02:02:51 Times Seen38 Hash 1e3bd14d71f3caf020f1c1b6f17af5c0 6b2cbc5e57a49c3d549a2157110c55f4494766c1 228fd0ed6f7661bc06d1e5474fdc18de96880b002491b53a52ff12bf8ac50945 Loading...

	www.palmsbet.com/scripts/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL www.palmsbet.com/scripts/jquery-3.6.0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-26 10:51:24 Times Seen261616 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275	341 B	2023-03-07	2023-09-17
Pretty URL www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:42 Last Seen2023-09-17 09:14:05 Times Seen106 Hash 5e9ed7a18696f9b7182fb8f1c08be46b 1a24b49762f246a4a2c7e73cf1e3ccb971f25bbd 1e9823d571bcd1138a9dae0664827fcb816c423d1cb6941389c74d7e711bb516 Loading...

HTTP Transactions (71)

URL IP Response Size

walter-larence.com/b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9

18.193.146.82

302

0 B

URL HTTP/1.1
walter-larence.com/b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9
IP
18.193.146.82:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9 HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Mon, 05 Sep 2022 20:56:20 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending
Pragma: no-cache
Set-Cookie: b2259fef-7bfd-4cd4-bb9c-bd2ceb049cf9-v4=rUz8dp5FeGY-Bt9oe-myH6lfVe2m6dbNUt4Y2ilrh_I; Max-Age=86400; Expires=Tue, 06-Sep-2022 20:56:20 GMT; Domain=walter-larence.com; Path=/; HttpOnly
cc-v4=owNOQdnxqSeSv71x996VQNY1rPjJOf0ETal2RbQqY5lXtV2H6eHBQU%2Fw%2FBU%2B8BioqmbsQEBhVlXSOLHBMw0HK5W0ZnWeQ79ZWVRk4hzv46TNI126IUxehRcl9idplwOXao9e6YySKR8anjftpWskDQ%3D%3D; Max-Age=31536000; Expires=Tue, 05-Sep-2023 20:56:20 GMT; Domain=walter-larence.com; Path=/; HttpOnly

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 20:42:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: T6froizL3RN-Ncb2nTwi6A94sn_B-QOcW01t0Syftagbepk8QeEzHQ==
Age: 814

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7243
Expires: Mon, 05 Sep 2022 22:57:03 GMT
Date: Mon, 05 Sep 2022 20:56:20 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sx6gxJY4BuSXgNO6UrKQteDDhTQkj9Tj4NykUyeF-jNiyIodTuApuQ==
age: 70863
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 20:56:20 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 05 Sep 2022 20:38:16 GMT
Expires: Mon, 05 Sep 2022 21:30:00 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: guHsxKZpU-VHwRFTxkee59cCSOKMrHfCwpt2A8O1b_dmPmiswY_vhQ==
Age: 1084

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7cf61663e45d1276b400c76c41b524b9
2caa1282f9db63e54bcdefc51118a0d7f03f2199
88cb1b34358559671c9cc0b017fffd4c7795efb263bbad11e73a9e00d7482d60

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CB1B34358559671C9CC0B017FFFD4C7795EFB263BBAD11E73A9E00D7482D60"
Last-Modified: Sat, 03 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21595
Expires: Tue, 06 Sep 2022 02:56:16 GMT
Date: Mon, 05 Sep 2022 20:56:21 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5424
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:21 GMT
Last-Modified: Mon, 05 Sep 2022 19:25:57 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/s/gts1d4/KcbZ3cTErXU

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/KcbZ3cTErXU
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3b38f5e89c1dbe43d3db49aef5905c3f
8183b348a70a3b76912ea3704b981819b5b5721b
20cef9650de2ae32b5bdacc675a4c2e77d2c55f2c70e4c1e803a24b5aa7bab18

HTTP Headers

POST /s/gts1d4/KcbZ3cTErXU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.42.74.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.74.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GCd1FvmxT5Um2B0j3Zih5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iuuwN5dcSHO3LlO4s9IqW6TbDoM=

click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&sub_partner_id=&site_id=&placement_id=&creative_type=&creative_set_id=&creative_id=&section_id=&creative_size=&is_retargeting=&click_lookback=&partner_click_id=w300a1muganqm4riitfvslao&keyword=w300a1muganqm4riitfvslao&click_time=2022-09-05%2023-56-20&cost_model=&cost_value_usd=&cost_event_name=&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115

35.201.93.108

302 Found

290 B

URL HTTP/2
click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&sub_partner_id=&site_id=&placement_id=&creative_type=&creative_set_id=&creative_id=&section_id=&creative_size=&is_retargeting=&click_lookback=&partner_click_id=w300a1muganqm4riitfvslao&keyword=w300a1muganqm4riitfvslao&click_time=2022-09-05%2023-56-20&cost_model=&cost_value_usd=&cost_event_name=&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115
IP
35.201.93.108:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with no line terminators
Size
290 B (290 bytes)
Hash
dda7cc9d9d2794bf6417fe7f57d3e5cd
3878d2bc9f0ede1d58a286e87b0d934e907465b9
14d37da54ced228b3b583301fd23f79216847385db287067f19c894d13424de3

HTTP Headers

GET /?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&sub_partner_id=&site_id=&placement_id=&creative_type=&creative_set_id=&creative_id=&section_id=&creative_size=&is_retargeting=&click_lookback=&partner_click_id=w300a1muganqm4riitfvslao&keyword=w300a1muganqm4riitfvslao&click_time=2022-09-05%2023-56-20&cost_model=&cost_value_usd=&cost_event_name=&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115 HTTP/1.1
Host: click.trafficguard.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
x-cloud-trace-context: 788cbd25980a04f8943626a40d96ead0/9270031421255830585
expect-ct: max-age=0, report-uri="https://trafficguard.report-uri.com/r/d/ct/reportOnly"
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: geid=0f010006-8a83-4e29-9b00-063363166275; Domain=.trafficguard.ai; Path=/; Expires=Tue, 05 Sep 2023 20:56:21 GMT; HttpOnly; Secure; SameSite=None
geid-legacy=0f010006-8a83-4e29-9b00-063363166275; Domain=.trafficguard.ai; Path=/; Expires=Tue, 05 Sep 2023 20:56:21 GMT; HttpOnly
DC_27f0dd1cd8fd1ea7a1331b53d10294e0=5yaX0FsQ2SnkElyixtI7mZjUNS0ocpk3zP/XeaLblxnVm0tDCIfJgV8VNwladE31lQhuLiv5on7MSQVGdluABJhROBSjIFMVJ0n6kh7XdOHim9LImpux4RRMuAw9A1i21Dt7NaMx; Domain=.trafficguard.ai; Path=/; Expires=Tue, 06 Sep 2022 20:56:21 GMT; HttpOnly; Secure; SameSite=None
DC_27f0dd1cd8fd1ea7a1331b53d10294e0-legacy=5yaX0FsQ2SnkElyixtI7mZjUNS0ocpk3zP/XeaLblxnVm0tDCIfJgV8VNwladE31lQhuLiv5on7MSQVGdluABJhROBSjIFMVJ0n6kh7XdOHim9LImpux4RRMuAw9A1i21Dt7NaMx; Domain=.trafficguard.ai; Path=/; Expires=Tue, 06 Sep 2022 20:56:21 GMT; HttpOnly
location: https://www.palmsbet.com/bg/pages/dice-rules-lending/?marketingCode=PB-0115&tgclid=0b01000f-0810-46ec-9900-0d9263166275
vary: Accept
content-type: text/html; charset=utf-8
content-length: 290
date: Mon, 05 Sep 2022 20:56:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/KcbZ3cTErXU

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/KcbZ3cTErXU
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3b38f5e89c1dbe43d3db49aef5905c3f
8183b348a70a3b76912ea3704b981819b5b5721b
20cef9650de2ae32b5bdacc675a4c2e77d2c55f2c70e4c1e803a24b5aa7bab18

HTTP Headers

POST /s/gts1d4/KcbZ3cTErXU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bcbb9bf29f1e0acaa7ac6d6566381370
dec1bea642dffbc11ebd6d65c94f87d6db95703a
b2bf22379151923244cbb9bd62499ded7b6f313a7db77914383bc1e704dd65de

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/QlICLrcmjDo

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/QlICLrcmjDo
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f44856c1b0ffb0cba142242425584070
d0ea4bbeff9da7d5a6e06d8f46aab148c41cf493
1eeb76fb63cd00e5e325dd7cf0443d4f2e9938b416839c0c5344e820a9c27ad8

HTTP Headers

POST /s/gts1d4/QlICLrcmjDo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tgtag.io/tg.js?pid=tg-g-007125-001

34.120.230.83

200 OK

21 kB

URL HTTP/2
tgtag.io/tg.js?pid=tg-g-007125-001
IP
34.120.230.83:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (21170 bytes)
Hash
1b93a34ce42933473e9e497a24c555a5
f778cd8c037b8ea4e4f30a893d564113a9300e97
885624e59ba53f181be1ca268b07bdf3cbbfcdb052e6d1ff4258cd139944716d

HTTP Headers

GET /tg.js?pid=tg-g-007125-001 HTTP/1.1
Host: tgtag.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtDc-UbBqrTJciOvw5Cqv2URuZZQtqN4ajJl_y8oZ07D_kfSC_LOjYBJHvSNRaxswyV_nu8BZSv-ncx_08CekWTq-QCplmT
x-goog-generation: 1657792382676899
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 21170
content-encoding: gzip
x-goog-hash: crc32c=fhvZEQ==, md5=G5OjTOQpM0c+nkl6JMVVpQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 21170
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
server: UploadServer
date: Mon, 05 Sep 2022 09:46:02 GMT
expires: Tue, 06 Sep 2022 09:46:02 GMT
cache-control: public, no-transform, max-age=86400, s-maxage=86400
age: 40220
last-modified: Thu, 14 Jul 2022 09:53:02 GMT
etag: "1b93a34ce42933473e9e497a24c555a5"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-W23TMFB

142.250.74.72

200 OK

71 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-W23TMFB
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (8066)
Size
71 kB (71103 bytes)
Hash
dd276f7f3d29881d096f4480f8bcee42
98201839f94a8aa62236e2ece4730e7d74678932
c3f9daffc3db7e6ef4a3754c0e8194816ba4e701a4fba81ce96d2dd515336f3f

HTTP Headers

GET /gtm.js?id=GTM-W23TMFB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Sep 2022 20:56:22 GMT
expires: Mon, 05 Sep 2022 20:56:22 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71103
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

9.9 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
9.9 kB (9865 bytes)
Hash
000c214c33af0ef9d42bb061ee052371
d9ef84f1e781171a4c381277458283d49a7b3b4c
2d7c89b133457ca584ac2bf151005b90caf0b199cad9a91ace322eca628508ac

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/QlICLrcmjDo

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/QlICLrcmjDo
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f44856c1b0ffb0cba142242425584070
d0ea4bbeff9da7d5a6e06d8f46aab148c41cf493
1eeb76fb63cd00e5e325dd7cf0443d4f2e9938b416839c0c5344e820a9c27ad8

HTTP Headers

POST /s/gts1d4/QlICLrcmjDo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/8ecfQuerjtQ

142.250.74.3

200 OK

681 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/8ecfQuerjtQ
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
681 B (681 bytes)
Hash
325ca552cd4ef759de492aaf3ffce63d
fd183c0b56ebfbe1fac59b4a442d70147fc49e78
1cbb7fed9682794a5c80122f91c0155bb16c10dc6053f49702ceebea9d1db464

HTTP Headers

POST /s/gts1d4/8ecfQuerjtQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
31abc7fe976dbf9a68d45fb57e0c86c5
a1f6f5404850df3149a769dc685f5c795bc08435
0859eece0557d6b1b48ed8f04c2eb55bdc2ca3fb4633e52a193b206fdefbb5d3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

512974245.fls.doubleclick.net/activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275?

142.250.74.70

200 OK

434 B

URL HTTP/2
512974245.fls.doubleclick.net/activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (565), with no line terminators
Size
434 B (434 bytes)
Hash
27221990828f2554376e06f68f40a124
e42e65310bafc903f14f0be82fdb1f1634e581e6
f522aa4b1b7653f2434ee3ad5b472afbd0a7924fc7f82988c1bb7e80bf2a13d8

HTTP Headers

GET /activityi;src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275? HTTP/1.1
Host: 512974245.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Sep 2022 20:56:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 434
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 05-Sep-2022 21:11:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

support.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending&or_ref=

78.128.60.140

302 Found

3.7 kB

URL HTTP/2
support.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending&or_ref=
IP
78.128.60.140:0
ASN
#31083 Telepoint Ltd

File type
data
Size
3.7 kB (3705 bytes)
Hash
a09336bed20db662764ae35ec9c6e07b
803640d97e0fb14b1b48f30a901eba64adf5e6d0
d3fafae9f7c08ace294cd0e1547aefa7499128d5f5fb08dc556bd811fdaea1fa

HTTP Headers

GET /affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending&or_ref= HTTP/1.1
Host: support.palmsbet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

HTTP/2 302 Found
content-encoding: gzip
vary: Accept-Encoding,Origin
set-cookie: affClick=%7B%22marketingCode%22%3A%22PB-0115%22%2C%22banID%22%3A%22%22%2C%22clickid%22%3A%22w300a1muganqm4riitfvslao%22%2C%22ns%22%3A%22w300a1muganqm4riitfvslao%22%7D; expires=Wed, 05-Oct-2022 20:56:20 GMT; Max-Age=2592000; path=/; domain=palmsbet.com
marketingCode=PB-0115; expires=Wed, 05-Oct-2022 20:56:20 GMT; Max-Age=2592000; path=/; domain=palmsbet.com
location: https://click.trafficguard.ai/?organisation_id=palmsbet_affiliate&property_id=tg-007126-001&source_id=PB-0115&campaign_id=&sub_partner_id=&site_id=&placement_id=&creative_type=&creative_set_id=&creative_id=&section_id=&creative_size=&is_retargeting=&click_lookback=&partner_click_id=w300a1muganqm4riitfvslao&keyword=w300a1muganqm4riitfvslao&click_time=2022-09-05 23-56-20&cost_model=&cost_value_usd=&cost_event_name=&destination_url=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115
content-type: text/html; charset=UTF-8
date: Mon, 05 Sep 2022 20:56:20 GMT
server: Apache
X-Firefox-Spdy: h2

api.trafficguard.ai/tg-g-007125-001/api/v4/client-side/validate/event

34.120.121.20

200 OK

3.5 kB

URL HTTP/2
api.trafficguard.ai/tg-g-007125-001/api/v4/client-side/validate/event
IP
34.120.121.20:0
ASN
#15169 GOOGLE

File type
data
Size
3.5 kB (3497 bytes)
Hash
7f5ec5e3c2b5a9f527e1a9ebb2d8abe5
785dd6dfce534140f23801bc25c2f45e57892b66
925564714ef7ff4fd737d3d31dda73e6eb951261715ca623070874f473096837

HTTP Headers

POST /tg-g-007125-001/api/v4/client-side/validate/event HTTP/1.1
Host: api.trafficguard.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 1722
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-cloud-trace-context: 8e55c5b5c511348eda2a4c67d8391f04/9126501646049191943
expect-ct: max-age=0, report-uri="https://trafficguard.report-uri.com/r/d/ct/reportOnly"
x-xss-protection: 0
x-content-type-options: nosniff
access-control-allow-origin: https://www.palmsbet.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Requested-With, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
set-cookie: geid=0f010023-3124-40b6-bb00-094763166276; Domain=.trafficguard.ai; Path=/; Expires=Tue, 05 Sep 2023 20:56:22 GMT; HttpOnly; Secure; SameSite=None
geid-legacy=0f010023-3124-40b6-bb00-094763166276; Domain=.trafficguard.ai; Path=/; Expires=Tue, 05 Sep 2023 20:56:22 GMT; HttpOnly
content-type: application/json; charset=utf-8
content-length: 61
etag: W/"3d-+VrgqwIBqu+GaYyaxm1oD9TgRqA"
date: Mon, 05 Sep 2022 20:56:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

2.4 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
2.4 kB (2354 bytes)
Hash
6a5d456cc4e2917d1543bd4ce975cf50
a10375785a1886644c456a7853c655f06df9c047
c2408ed5e691455e1f7e6e7108ed53463fee2578beb7a5c6db27e2022868ef13

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/8ecfQuerjtQ

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/8ecfQuerjtQ
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
6ceda79e1b4e41de21bfd7491a2a5884
a37d266de105a82f7a1244f7ad149790562b40a4
4a497d7f305e9da4b81137e95f5accd0979bdd12c3186ff5e3aef97e5e919d67

HTTP Headers

POST /s/gts1d4/8ecfQuerjtQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.com/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275

142.250.74.162

200 OK

433 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (564), with no line terminators
Size
433 B (433 bytes)
Hash
83e3b2b65eaa8c20248faabb49fa1cff
0cd5662ecec75b96f214ee44d079b6afa38af111
2e6e09482442056a563250b0fbae419abe0ed651955fbfab3cb973b8bbe75c08

HTTP Headers

GET /ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://512974245.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Sep 2022 20:56:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 433
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.palmsbet.top/uploads/1920X600.png

78.128.8.67

200 OK

1.0 MB

URL HTTP/2
www.palmsbet.top/uploads/1920X600.png
IP
78.128.8.67:0
ASN
#31083 Telepoint Ltd

File type
PNG image data, 1920 x 600, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 MB (1044233 bytes)
Hash
cc43fafc7b4618b2560b42f38afdf7c0
4367314c0eedfe67cae7524efba7a3b9d300eee9
295065323b692744ad1e90face14fd14d27282b141875e67924257017f14d578

HTTP Headers

GET /uploads/1920X600.png HTTP/1.1
Host: www.palmsbet.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 12 Sep 2022 20:56:22 GMT
content-type: image/png
last-modified: Mon, 22 Aug 2022 13:51:52 GMT
accept-ranges: bytes
content-length: 1044233
date: Mon, 05 Sep 2022 20:56:22 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

2.0 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
2.0 kB (1976 bytes)
Hash
9b1315ddc84299bb48b6da92bfbaed47
704d874e7fe978bfabfa555013702be530fe40f0
2a8517fe2c58ec72bee461e53277499a65e2e91aefcd6242f3f280d1c91ee457

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9753
Expires: Mon, 05 Sep 2022 23:38:55 GMT
Date: Mon, 05 Sep 2022 20:56:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9753
Expires: Mon, 05 Sep 2022 23:38:55 GMT
Date: Mon, 05 Sep 2022 20:56:22 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

1.6 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
1.6 kB (1579 bytes)
Hash
3c2acbf3a03bf64d06b5defa81d210ec
fc3a437e301591d580e0399eca8dee60c962fc72
0bdc18c9b783d770a24f533d589f07c72a277689a3a7426ff83a193c13752ed9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7830 bytes)
Hash
290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fpKQlxOtyRwaZk2FUf11J62jlqcAvXgOQT-ipFQm6qW-dMHyXaEnNg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:49:31 GMT
age: 83211
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9753
Expires: Mon, 05 Sep 2022 23:38:55 GMT
Date: Mon, 05 Sep 2022 20:56:22 GMT
Connection: keep-alive

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5652 bytes)
Hash
10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nJTKTh88iyFXAiPJ-tCCEbqBo3A1cuTj2gCbfHkaVZ1WcgMOTyFfVg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 23:06:26 GMT
age: 78596
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4426 bytes)
Hash
c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:47:54 GMT
age: 83308
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nqxzicnkQPrjStpPaMIZAukyjtUBQaXfuxWzIs77YGDyJmnirlMsxw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:54:51 GMT
age: 82891
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdb23e94d-8ec7-469f-94d2-e08f8feef5d5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9428 bytes)
Hash
e571197d8c99877f806a60c79368d657
3578b5c8eba646e94f574a996703d6b7b4911ab7
290a444ba0f434f25313d9ce96f93bcb749cb5c7d8bad51a63c2775539b594fb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdb23e94d-8ec7-469f-94d2-e08f8feef5d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9428
x-amzn-requestid: 050a7e34-6ee3-4562-bd9d-8122b0432cc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjaFXEoAMFjnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7af-4915a10726ffab79380d6a52;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: M_WqsKzaeYjV_bY_1ZYgElrRKbQGetGVvkO8wf1kMXNxPyuFOnmwsA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:34:47 GMT
age: 80495
etag: "3578b5c8eba646e94f574a996703d6b7b4911ab7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5377 bytes)
Hash
c4b2d6a516e93799b54fe2bbd6630f86
b5a7380f294876dd308c7fde294f36a425c1be01
7463878d8967ff31d7ce20d5a4408c23ad59123032a990c21a47df0881edcb86

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 2adc68e8-1889-4233-8ac4-e2a8d44ccbdd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X_4XzF1FoAMF3AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63163a98-5918897d7de556f75bbfab34;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 18:06:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DpNb6dBygeDbRbFWIkeXYVddcgxlSVuq4y73JvG315Xp-wkwiDhZyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 18:06:16 GMT
age: 10206
etag: "b5a7380f294876dd308c7fde294f36a425c1be01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275

142.250.74.34

200 OK

177 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
9393b28661a65a763699c108887882eb
c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0

HTTP Headers

GET /ddm/fls/i/src=512974245;type=invmedia;cat=allvi0;ord=1;num=7094041095831;gtm=2wg8v0;auiddc=1948660541.1662411378;~oref=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Sep 2022 20:56:22 GMT
expires: Mon, 05 Sep 2022 20:56:22 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5382
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Last-Modified: Mon, 05 Sep 2022 19:26:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 05 Sep 2022 20:41:12 GMT
expires: Mon, 05 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 910
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

858 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
858 B (858 bytes)
Hash
a49251dab76f94bccfe62c7a8c6ccaed
2fb631506e64a5516f50eb656ad14af61b9f2b25
81f7733bc899d48b8ec09e0d272511d349ab114411116fe0be0177d46512c0d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5995
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Last-Modified: Mon, 05 Sep 2022 19:16:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26752 bytes)
Hash
53e4933126779cbf269a5819d467ad4b
1c3c6b27a0660a44717be304d90834cf2f9cf3ce
ed5ad968f7d95b37c817e86b54062702bef60b1ffd3977248aad23072af06b87

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Xf+FCmdEwJe60jtAEUj1y1jlwJPhRFcOznV3IbZDKU47ZfuLyZIyV9KqXXm5oPCg0jmGmVa1wXwT5gJaxtEhGg==
priority: u=3,i
content-length: 26752
x-fb-trip-id: 1904183273
date: Mon, 05 Sep 2022 20:56:22 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&_v=j96&a=1779612415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&ul=en-us&de=UTF-8&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEAB~&jid=1609433571&gjid=2067492723&cid=716508425.1662411378&tid=UA-99030406-1&_gid=1077423787.1662411378&gtm=2wg8v0W23TMFB&z=1474570696

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j96&a=1779612415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&ul=en-us&de=UTF-8&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEAB~&jid=1609433571&gjid=2067492723&cid=716508425.1662411378&tid=UA-99030406-1&_gid=1077423787.1662411378&gtm=2wg8v0W23TMFB&z=1474570696
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j96&a=1779612415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&ul=en-us&de=UTF-8&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEAB~&jid=1609433571&gjid=2067492723&cid=716508425.1662411378&tid=UA-99030406-1&_gid=1077423787.1662411378&gtm=2wg8v0W23TMFB&z=1474570696 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Mon, 05 Sep 2022 03:29:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 62836
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5382
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Last-Modified: Mon, 05 Sep 2022 19:26:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
76c6ad39ad355f829170427e9076311a
26a82c7dd26986900a4964464e43d9837dfef1f8
40c6ca74d92e002befb684bce24ba4714c260ba30918cc4e9a4bb02ed4f809dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&gjid=2067492723&_gid=1077423787.1662411378&_u=YCDAgEABAAAAAE~&z=846489265

142.251.1.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&gjid=2067492723&_gid=1077423787.1662411378&_u=YCDAgEABAAAAAE~&z=846489265
IP
142.251.1.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&gjid=2067492723&_gid=1077423787.1662411378&_u=YCDAgEABAAAAAE~&z=846489265 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.palmsbet.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 05 Sep 2022 20:56:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
76c6ad39ad355f829170427e9076311a
26a82c7dd26986900a4964464e43d9837dfef1f8
40c6ca74d92e002befb684bce24ba4714c260ba30918cc4e9a4bb02ed4f809dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oe8v0&_p=1779612415&cid=716508425.1662411378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662411377&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oe8v0&_p=1779612415&cid=716508425.1662411378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662411377&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-JRG87C8CG6&gtm=2oe8v0&_p=1779612415&cid=716508425.1662411378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662411377&sct=1&seg=0&dl=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46ec-9900-0d9263166275&dr=https%3A%2F%2Fwww.palmsbet.com%2F&dt=Palms%20Bet%20-%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BD%D0%B8%20%D0%B7%D0%B0%D0%BB%D0%BE%D0%B7%D0%B8%20%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BA%D0%B0%D0%B7%D0%B8%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.palmsbet.com
date: Mon, 05 Sep 2022 20:56:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

track.adform.net/Serving/TrackPoint/?CC=1&pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46

37.157.4.25

200 OK

202 B

URL HTTP/2
track.adform.net/Serving/TrackPoint/?CC=1&pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46
IP
37.157.4.25:0
ASN
#198622 Adform A/S

File type
ASCII text, with CRLF line terminators
Size
202 B (202 bytes)
Hash
0910f1abc8fcd706ba1278cad9a23fe3
38de7284014fd13ae7fdbd53646123d38cc7be1f
768de2d43497a5871d7097af63cb3fb25a18923887e5303a2d3d092bc750b911

HTTP Headers

GET /Serving/TrackPoint/?CC=1&pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 20:56:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 202
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3df811ac19fde08f49ef246c29cef161
e1c8d54b357adaf32e80427028cc884fa35959e0
e2749178e0bf0c4045a96388a58029ddd92d13a866021737864cd68e11317292

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 20:56:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Sep 2022 20:56:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-99030406-1&cid=716508425.1662411378&jid=1609433571&_u=YCDAgEABAAAAAE~&z=1486646661 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Sep 2022 20:56:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
af26cf75144577c115d800f75cca09db
21f3c27d38fb6ac1ac29e008ca6bb7d539caa00b
9d168c44763c1c7b31c7b6cb78be91132ce76b213fa3d563a40951008927d19d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 20:56:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Sep 2022 15:29:12 GMT
Expires: Sun, 11 Sep 2022 15:29:11 GMT
Etag: "21f3c27d38fb6ac1ac29e008ca6bb7d539caa00b"
Cache-Control: max-age=498167,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7461df0c2a32b4eb-OSL

sdk-cdn.optimove.net/websdk/sdk-v2.0.js

35.201.79.141

200 OK

36 kB

URL HTTP/2
sdk-cdn.optimove.net/websdk/sdk-v2.0.js
IP
35.201.79.141:0
ASN
#15169 GOOGLE

File type
data
Size
36 kB (36020 bytes)
Hash
41bec40fd0d08d67ecc8020f4ef4879d
cf703325d28682e07748afa2609d0b36789da2bd
e51e4ba7f55607866a3bba191de5c7f9f706f24cdf39315091553cf241e21abc

HTTP Headers

GET /websdk/sdk-v2.0.js HTTP/1.1
Host: sdk-cdn.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycdswQtGstCNfsCWvm9h0GQUBCH42J-q-0zUxVlaAuO6tH4BLsnAuf60ofeoh9wVkxPtFP7VNhG8m0r8_ZC40OxknAw
x-goog-generation: 1659950707998011
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 16535
content-encoding: gzip
x-goog-hash: crc32c=xz9KiA==, md5=KdEyRrK6U4R6eXFdlWmWMA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 16535
server: UploadServer
date: Mon, 05 Sep 2022 09:38:09 GMT
age: 40694
last-modified: Mon, 08 Aug 2022 09:25:08 GMT
etag: "29d13246b2ba53847a79715d95699630"
content-type: application/javascript
cache-control: public,max-age=3600,no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js

35.201.79.141

200 OK

10 kB

URL HTTP/2
sdk-cdn.optimove.net/webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js
IP
35.201.79.141:0
ASN
#15169 GOOGLE

File type
data
Size
10 kB (10084 bytes)
Hash
01c8d85d8a83c300a2bebfae2ae3d491
aa9efdbce5071b4d6ab643889b98de1ac48c6144
9567a6eef323bbfcd501b495a89054ca3d0cbb05d50c1f2b6059e49ec7b48fb8

HTTP Headers

GET /webconfig/f6a9d2d8264c44578514f5b495966bf8/web-configuration.1.0.0.js HTTP/1.1
Host: sdk-cdn.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtgSKkl6r-vu6QjE71lMIlAIvZYMCzGsGq1d6ql5ojw2roRIT2jTgS_lIwX7FVCPQjMQ2_1VXE8eEkJ-EPiEzTtKg
x-goog-generation: 1660907321346077
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 7287
content-encoding: gzip
x-goog-hash: crc32c=mTgpdA==, md5=kiGXrd4ZRVf6SeVGp6/kMA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 7287
server: UploadServer
date: Mon, 05 Sep 2022 20:53:40 GMT
age: 163
last-modified: Fri, 19 Aug 2022 11:08:41 GMT
etag: "922197adde194557fa49e546a7afe430"
content-type: application/json
cache-control: public,max-age=300,no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
af26cf75144577c115d800f75cca09db
21f3c27d38fb6ac1ac29e008ca6bb7d539caa00b
9d168c44763c1c7b31c7b6cb78be91132ce76b213fa3d563a40951008927d19d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 20:56:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Sep 2022 15:29:12 GMT
Expires: Sun, 11 Sep 2022 15:29:11 GMT
Etag: "21f3c27d38fb6ac1ac29e008ca6bb7d539caa00b"
Cache-Control: max-age=498166,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7461df0ddcc5b4eb-OSL

stream-683.optimove.net/

107.154.132.121

204 No Content

0 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-request-id
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,x-request-id
access-control-max-age: 86400
content-length: 0
date: Mon, 05 Sep 2022 20:56:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=fldfRpZ9R/6t0lAuu8ST8HhiFmMAAAAAQUIPAAAAAACeAG7yFWPZth09AnMbJ3pC; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2816538=1DohMWpO81pQtXoVhP/QA3hiFmMAAAAAhzldSanMVgmDcAKP/+O+sQ==; path=/; Domain=.optimove.net
x-cdn: Imperva
x-iinfo: 4-4961519-4961521 NNNN CT(2 3 0) RT(1662411383992 28) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

sdkuaservice.optimove.net/

34.102.240.186

200 OK

348 B

URL HTTP/2
sdkuaservice.optimove.net/
IP
34.102.240.186:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text
Size
348 B (348 bytes)
Hash
73353b441b4f27ee202d8e554ee76f4f
f3f8b3037c988a233a83b8c2eb29abe3792803ba
b6bbd24d679c3a509efafb7b48de5f8eb53eb1ddce723ebb0dc836206067caad

HTTP Headers

GET / HTTP/1.1
Host: sdkuaservice.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json
date: Mon, 05 Sep 2022 20:56:24 GMT
content-length: 348
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stream-683.optimove.net/

107.154.132.121

200 OK

833 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type
data
Size
833 B (833 bytes)
Hash
3c99e000fad422d26b8d71b6aadc70f9
f037febc765e77b52d24f1a4568a128b157c8d9a
64ef24e61958da1ca423ec2f29f2508852a05bcbea6660414d4ad734c181c8e1

HTTP Headers

POST / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 727ac451-8129-4a87-ba36-615e44525855
Origin: https://www.palmsbet.com
Content-Length: 672
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"31-PysLpAJJMWne1GFmTpVFlr73+Ac"
date: Mon, 05 Sep 2022 20:56:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=fldfRpZ9R/6t0lAuu8ST8HhiFmMAAAAAQUIPAAAAAACeAG7yFWPZth09AnMbJ3pC; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2816538=rJp6NRZIrw5QtXoVhP/QA3hiFmMAAAAAAsBTeU0Q4W9uWuRaVryfbQ==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 4-4961519-4961521 PNYN RT(1662411383992 76) q(0 0 0 0) r(1 1) U6
X-Firefox-Spdy: h2

realtime-683.optimove.net/reportEvent

107.154.132.121

204 No Content

0 B

URL HTTP/2
realtime-683.optimove.net/reportEvent
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /reportEvent HTTP/1.1
Host: realtime-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-request-id
Referer: https://www.palmsbet.com/
Origin: https://www.palmsbet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,x-request-id
access-control-max-age: 86400
content-length: 0
date: Mon, 05 Sep 2022 20:56:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2819049=DDup6TCDRnSon4+ZDmrdCnhiFmMAAAAAQUIPAAAAAADKUI2IFrzbL07rguEZXWaq; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2819049=vEC3fVsM2h1btXoVhP/QA3hiFmMAAAAAfpfdjycaWRCVkE8WpawK8g==; path=/; Domain=.optimove.net
x-cdn: Imperva
x-iinfo: 4-4961519-4961527 NNNN CT(1 4 0) RT(1662411383992 213) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b27177f2978c8b44cc02d37501d35c
916ad83e940da4fcda7832dcf996892c4ef5e654
7c82a0f305c6c0f2632e028ab7137273aedc33f3ebfe24ef29e078743c9951aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C82A0F305C6C0F2632E028AB7137273AEDC33F3EBFE24EF29E078743C9951AA"
Last-Modified: Mon, 05 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14016
Expires: Tue, 06 Sep 2022 00:50:00 GMT
Date: Mon, 05 Sep 2022 20:56:24 GMT
Connection: keep-alive

bg.search.etargetnet.com/j/?h=a10d7cc080adb592

195.168.10.173

200 OK

86 kB

URL HTTP/1.1
bg.search.etargetnet.com/j/?h=a10d7cc080adb592
IP
195.168.10.173:0
ASN
#5578 SWAN, a.s.

File type
ASCII text, with very long lines (64471)
Size
86 kB (86228 bytes)
Hash
291ab023452661508ce5abfe05a2c9dd
796705dc5ef730e953c78d9eddd7d409c2eca31a
45a6d44cde58aa0d43fd5498dabef8e47a8e062cddc99397f51a0eda89cd9492

HTTP Headers

GET /j/?h=a10d7cc080adb592 HTTP/1.1
Host: bg.search.etargetnet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Sep 2022 20:56:24 GMT
Content-Type: application/javascript; charset=windows-1250
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
access-control-allow-origin: https://www.palmsbet.com
access-control-allow-credentials: true
Expires: Mon, 05 Sep 2022 22:56:24 GMT
Pragma: cache
Cache-Control: max-age=7200
X-Protected-By: Bee/0.41
Set-Cookie: euvh=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; samesite=none; domain=.etargetnet.com; secure
euvh=A; expires=Thu, 06-Oct-2022 20:56:24 GMT; Max-Age=2678400; path=/; samesite=none; domain=.etargetnet.com; secure
ckf=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; samesite=none; domain=.etargetnet.com; secure
ckf=1; expires=Tue, 05-Sep-2023 20:56:24 GMT; Max-Age=31536000; path=/; samesite=none; domain=.etargetnet.com; secure
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Y-Protected-By: Bulbasaur/mblade01-01-a
Content-Encoding: gzip

realtime-683.optimove.net/reportEvent

107.154.132.121

200 OK

87 B

URL HTTP/2
realtime-683.optimove.net/reportEvent
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type
JSON data\012- , ASCII text, with no line terminators
Size
87 B (87 bytes)
Hash
e0b90ae27fae83762ef117c3f73e958c
9004b37de436cf4a11a7e74be4abf69a28cc6a03
ceaa54ccdf908e3f50b6cb490a9896bdeacc77ecfb47f91dfdcfcbc6797e549b

HTTP Headers

POST /reportEvent HTTP/1.1
Host: realtime-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 6fd5e03d-baae-45c6-aaef-dbee05814a66
Origin: https://www.palmsbet.com
Content-Length: 661
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,Content-Type
content-type: application/json
date: Mon, 05 Sep 2022 20:56:27 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2819049=DDup6TCDRnSon4+ZDmrdCnhiFmMAAAAAQUIPAAAAAADKUI2IFrzbL07rguEZXWaq; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2819049=bcvcXEvFfw1btXoVhP/QA3tiFmMAAAAATY6VEocxjrdaYnr6IgfacA==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 4-4961519-4961527 PNYN RT(1662411383992 3304) q(0 0 0 0) r(1 1) U6
X-Firefox-Spdy: h2

s2.adform.net/banners/scripts/st/trackpoint-async.js

37.157.2.247

200 OK

0 B

URL HTTP/2
s2.adform.net/banners/scripts/st/trackpoint-async.js
IP
37.157.2.247:0
ASN
#198622 Adform A/S

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /banners/scripts/st/trackpoint-async.js HTTP/1.1
Host: s2.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 20:56:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 25 May 2022 11:34:23 GMT
etag: W/"552eeb5f0620fb6f56733d625b5e719e"
x-amz-request-id: tx0000000000000941672b2-0063165663-3233e6c5-default
access-control-allow-origin: *
cache-control: public, max-age=604800
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46

37.157.4.25

302 Found

0 B

URL HTTP/2
track.adform.net/Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46
IP
37.157.4.25:0
ASN
#198622 Adform A/S

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Serving/TrackPoint/?pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 05 Sep 2022 20:56:23 GMT
content-type: text/html; charset=utf-8
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2130909&ADFPageName=WebsiteName%7CSectionName%7CSubSection%7CPageName&ADFdivider=%7C&ord=310381909168&Set1=en-US%7Cen-US%7C1280x1024%7C24&CPref=https%3A%2F%2Fwww.palmsbet.com%2F&ADFtpmode=2&loc=https%3A%2F%2Fwww.palmsbet.com%2Fbg%2Fpages%2Fdice-rules-lending%2F%3FmarketingCode%3DPB-0115%26tgclid%3D0b01000f-0810-46
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: C=1; domain=adform.net; expires=Wed, 05-Oct-2022 20:56:23 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

realtime-683.optimove.net/reportEvent

107.154.132.121

200 OK

0 B

URL HTTP/2
realtime-683.optimove.net/reportEvent
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /reportEvent HTTP/1.1
Host: realtime-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 7a083980-228d-44a3-9a19-373820eafde4
Origin: https://www.palmsbet.com
Content-Length: 672
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,Content-Type
content-type: application/json
date: Mon, 05 Sep 2022 20:56:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2819049=DDup6TCDRnSon4+ZDmrdCnhiFmMAAAAAQUIPAAAAAADKUI2IFrzbL07rguEZXWaq; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2819049=7EL6SwZ9ZANbtXoVhP/QA3hiFmMAAAAAN7WjMUatZ7kjUrZgqQkZHw==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 4-4961519-4961527 PNYN RT(1662411383992 264) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

stream-683.optimove.net/

107.154.132.121

200 OK

0 B

URL HTTP/2
stream-683.optimove.net/
IP
107.154.132.121:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST / HTTP/1.1
Host: stream-683.optimove.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Content-Type: application/json
X-Request-ID: 3c882929-1969-46a5-968a-8e82a749c0c8
Origin: https://www.palmsbet.com
Content-Length: 661
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"31-kr6II1uLoNAsWrETzhHRFNm7VKc"
date: Mon, 05 Sep 2022 20:56:27 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
set-cookie: visid_incap_2816538=fldfRpZ9R/6t0lAuu8ST8HhiFmMAAAAAQUIPAAAAAACeAG7yFWPZth09AnMbJ3pC; expires=Mon, 04 Sep 2023 22:14:30 GMT; HttpOnly; path=/; Domain=.optimove.net
incap_ses_275_2816538=T685OzB2+mlQtXoVhP/QA3tiFmMAAAAAuoILO74HIdtJjke2ZYUt2A==; path=/; Domain=.optimove.net
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 4-4961519-4961521 PNYN RT(1662411383992 3241) q(0 0 0 0) r(0 0) U6
X-Firefox-Spdy: h2

www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending

104.26.7.160

200 OK

0 B

URL HTTP/2
www.palmsbet.com/affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending
IP
104.26.7.160:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /affiliate/?marketingCode=PB-0115&banID=&brand=ecasino&ns=w300a1muganqm4riitfvslao&clickid=w300a1muganqm4riitfvslao&pages=dice-rules-lending HTTP/1.1
Host: www.palmsbet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 05 Sep 2022 20:56:20 GMT
content-type: text/html
last-modified: Tue, 23 Nov 2021 13:23:59 GMT
cache-control: no-store
access-control-allow-credentials: true
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none'
x-xss-protection: 1
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfry9LYNlA2nVTpImnOY92OErhwfuIeDq39ZsFh30zktdHeErCUchZ16lr%2F8L79R9L7rW3i4KHZAE78j4D4UrlDKD14csmPJZXiCnUWvmir6eWqoPFrC37v7HkFb44TyKVc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7461def8080db529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

track.adform.net/serving/scripts/trackpoint/async/

37.157.4.25

301 Moved Permanently

0 B

URL HTTP/2
track.adform.net/serving/scripts/trackpoint/async/
IP
37.157.4.25:0
ASN
#198622 Adform A/S

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /serving/scripts/trackpoint/async/ HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.palmsbet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 05 Sep 2022 20:56:22 GMT
content-type: text/html
location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations