urlscan.io logo urlscan.io
SecurityTrails logo

promos.williamhill.es Open in urlscan Pro
143.204.215.105  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://promos.williamhill.es/
Effective URL: https://promos.williamhill.es/
Submission: On September 13 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 8 countries across 16 domains to perform 42 HTTP transactions. The main IP is 143.204.215.105, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is promos.williamhill.es.
TLS certificate: Issued by HydrantID SSL ICA G2 on August 21st 2020. Valid for: a year.
This is the only time promos.williamhill.es was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 143.204.215.105 16509 (AMAZON-02)
5 18.195.42.228 16509 (AMAZON-02)
1 3.124.173.63 16509 (AMAZON-02)
1 2 52.50.252.133 16509 (AMAZON-02)
1 52.218.112.104 16509 (AMAZON-02)
5 104.111.215.136 16625 (AKAMAI-AS)
1 99.86.2.69 16509 (AMAZON-02)
2 163.171.138.253 54994 (QUANTILNE...)
1 108.128.250.179 16509 (AMAZON-02)
1 34.248.119.134 16509 (AMAZON-02)
1 15.236.175.233 16509 (AMAZON-02)
1 54.77.20.174 16509 (AMAZON-02)
1 13.35.253.50 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a00:1288:f03... 10310 (YAHOO-1)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 212.82.100.181 34010 (YAHOO-IRD)
42 19
12    143.204.215.105 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-105.fra53.r.cloudfront.net
promos.williamhill.es
5    18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
1    3.124.173.63 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
t.nc0.co
2    52.50.252.133 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-252-133.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.218.112.104 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1-r-w.amazonaws.com
prod-s3-mlp-lp-images-ext.s3.eu-west-1.amazonaws.com
5    104.111.215.136 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-136.deploy.static.akamaitechnologies.com
tags.tiqcdn.com
1    99.86.2.69 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-2-69.fra6.r.cloudfront.net
xdata.staticcache.org
2    163.171.138.253 (Italy)

ASN54994 (QUANTILNETWORKS, US)
cmscdn.staticcache.org
1    108.128.250.179 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-250-179.eu-west-1.compute.amazonaws.com
c3.adalyser.com
1    34.248.119.134 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-119-134.eu-west-1.compute.amazonaws.com
williamhill.demdex.net
1    15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
smetrics.williamhill.es
1    54.77.20.174 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-20-174.eu-west-1.compute.amazonaws.com
w.usabilla.com
1    13.35.253.50 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-50.fra6.r.cloudfront.net
d6tizftlrpuof.cloudfront.net
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)
s.yimg.com
2    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    212.82.100.181 (Switzerland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com
sp.analytics.yahoo.com
Domain Requested by
12 promos.williamhill.es 1 redirects promos.williamhill.es
5 tags.tiqcdn.com promos.williamhill.es
tags.tiqcdn.com
5 nexus.ensighten.com promos.williamhill.es
nexus.ensighten.com
2 www.facebook.com
2 s.yimg.com nexus.ensighten.com
s.yimg.com
2 bat.bing.com nexus.ensighten.com
2 connect.facebook.net nexus.ensighten.com
connect.facebook.net
2 cmscdn.staticcache.org promos.williamhill.es
2 dpm.demdex.net 1 redirects promos.williamhill.es
1 sp.analytics.yahoo.com s.yimg.com
1 www.googletagmanager.com nexus.ensighten.com
1 d6tizftlrpuof.cloudfront.net promos.williamhill.es
1 w.usabilla.com promos.williamhill.es
1 smetrics.williamhill.es nexus.ensighten.com
1 williamhill.demdex.net nexus.ensighten.com
1 c3.adalyser.com nexus.ensighten.com
1 xdata.staticcache.org promos.williamhill.es
1 prod-s3-mlp-lp-images-ext.s3.eu-west-1.amazonaws.com promos.williamhill.es
1 t.nc0.co promos.williamhill.es
42 19
Subject Issuer Validity Valid
promos.williamhill.es
HydrantID SSL ICA G2		 2020-08-21 -
2021-08-21		 a year crt.sh
nexus.ensighten.com
DigiCert SHA2 Secure Server CA		 2019-10-03 -
2020-10-02		 a year crt.sh
t.nc0.co
DigiCert SHA2 Secure Server CA		 2020-04-24 -
2021-04-24		 a year crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA		 2018-01-09 -
2021-02-12		 3 years crt.sh
*.s3-eu-west-1.amazonaws.com
DigiCert Baltimore CA-2 G2		 2020-08-04 -
2021-08-09		 a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2020-03-16 -
2021-06-15		 a year crt.sh
*.staticcache.org
HydrantID SSL ICA G2		 2019-10-24 -
2020-10-24		 a year crt.sh
*.adalyser.com
Thawte RSA CA 2018		 2019-06-04 -
2021-07-07		 2 years crt.sh
smetrics.williamhill.es
DigiCert SHA2 High Assurance Server CA		 2020-05-30 -
2021-09-02		 a year crt.sh
w.usabilla.com
Amazon		 2020-04-10 -
2021-05-10		 a year crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2020-05-26 -
2021-04-21		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.bing.com
Microsoft IT TLS CA 2		 2019-04-30 -
2021-04-30		 2 years crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-08-06 -
2020-09-20		 a month crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-08-01 -
2021-01-28		 6 months crt.sh

This page contains 5 frames:

Primary Page: https://promos.williamhill.es/
Frame ID: 914278D1093F10D48F832122DDE72962
Requests: 38 HTTP requests in this frame

Frame: https://xdata.staticcache.org/xdata/
Frame ID: 1DFD9CFE43FF3F03ACAC6BD11D6B66F1
Requests: 1 HTTP requests in this frame

Frame: https://williamhill.demdex.net/dest5.html?d_nsid=0
Frame ID: D369DA86236E1C7A0BE49F1BB4EA2D1D
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/652ba85f86e0.js?lv=1
Frame ID: EC1C3221652603784EA7CE4FDAA95ED3
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/williamhill-spain-button-88939dd242a6820fe35160e3b56a1236.png
Frame ID: 345CED5B18AC1B1D6A703F853DA3E0D1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://promos.williamhill.es/ HTTP 301
    https://promos.williamhill.es/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • script /\/\/nexus\.ensighten\.com\//i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

42
Requests

100 %
HTTPS

26 %
IPv6

16
Domains

19
Subdomains

19
IPs

8
Countries

880 kB
Transfer

2424 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://promos.williamhill.es/ HTTP 301
    https://promos.williamhill.es/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
promos.williamhill.es/
Redirect Chain
  • http://promos.williamhill.es/
  • https://promos.williamhill.es/
41 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
bb2b69f582ffe10aa80eba4780cf31925e0f3b5b377eff58cb8abf5667e764cc

Request headers

:method
GET
:authority
promos.williamhill.es
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
public, max-age=120
etag
W/"a332-xY7WfV+JBmAkEDED86Rrzma4Hws"
date
Sun, 13 Sep 2020 15:00:16 GMT
set-cookie
TS018bddb2=015da7bb43a65b5bda4b13a837826b061115d5a63bccebf2a6cb28e14a463676d1a632b93f24dd3dc5d6fd8190f36bc59d2e67a604; Path=/
content-encoding
gzip
vary
Accept-Encoding
x-cache
Miss from cloudfront
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
Kp31aSLmTWvqp7nLCGuIQs7WdgV9PmFBfkiBfHK41r_65gx1BvUf3A==

Redirect headers

Server
CloudFront
Date
Sun, 13 Sep 2020 15:00:16 GMT
Content-Type
text/html
Content-Length
183
Connection
keep-alive
Location
https://promos.williamhill.es/
X-Cache
Redirect from cloudfront
Via
1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
X-Amz-Cf-Id
4Nr36CDbTt-_tau2IaR3r1w0viaaPH6SRxK1OJE7BAtFx1TUYNXPxQ==
main.css
promos.williamhill.es/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/css/main.css
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
77b8e855ed08efdd10041c49aa8dc12b6b217f3ed7d061eda9c7e5c8a2ad2719

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 14:56:59 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
age
198
etag
W/"1384-1730fee95e8"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/css; charset=UTF-8
status
200
cache-control
public, max-age=120
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
pFuD_OLC-5YzrCdAAJ9RxaTnOYWFPDCiFC4l0KjY8NlNcHZK5eOjog==
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
whHoxton-Regular.woff2
promos.williamhill.es/static/fonts/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/static/fonts/whHoxton-Regular.woff2
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
19d7e4a20d3fc05bcaacc3732ccf79acfad9ddb209bf6d1a43ca3dcbe118f7ad

Request headers

Origin
https://promos.williamhill.es
Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
x-amz-cf-pop
FRA53-C1
etag
W/"6528-1730fee95e8"
x-cache
Miss from cloudfront
content-type
font/woff2
status
200
cache-control
public, max-age=120
accept-ranges
bytes
content-length
25896
x-amz-cf-id
5pd5mQfIlPhK0k_aw2XpEcxsVj6h1Z_Z-q8h_xNwf3XzIYjOanlCJQ==
whHoxton-Heavy.woff2
promos.williamhill.es/static/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/static/fonts/whHoxton-Heavy.woff2
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
ea6ab236fb2634b1eeb99cc5b8aeb9be50ad32a484b1f0e88bd799ef91bd2e9c

Request headers

Origin
https://promos.williamhill.es
Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 14:58:45 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
age
92
etag
W/"670c-1730fee95e8"
x-cache
Hit from cloudfront
content-type
font/woff2
status
200
cache-control
public, max-age=120
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
26380
x-amz-cf-id
yqvBavIj08NQxxS_o3Ec8-POulwNuq11FItlb_MulqcGyq0AsPsOUQ==
whHoxton-Bold.woff2
promos.williamhill.es/static/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/static/fonts/whHoxton-Bold.woff2
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
dfd775e1deb97cf6e80af19b786f9a7a12aca7e65b20d2f1e496ba2eb9d8c45c

Request headers

Origin
https://promos.williamhill.es
Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 14:57:06 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
age
191
etag
W/"6680-1730fee95e8"
x-cache
RefreshHit from cloudfront
content-type
font/woff2
status
200
cache-control
public, max-age=120
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
26240
x-amz-cf-id
ohSA6bKVV_CdW83XIWo2fIXIgYSUSGeUwhQ1RxqAznxiYcUZ5286KQ==
whFooterIcons-Regular.woff2
promos.williamhill.es/static/fonts/ 		0
408 B 		Font
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/static/fonts/whFooterIcons-Regular.woff2
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Origin
https://promos.williamhill.es
Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
x-amz-cf-pop
FRA53-C1
etag
W/"0-1730fee95e8"
x-cache
Miss from cloudfront
content-type
font/woff2
status
200
cache-control
public, max-age=120
accept-ranges
bytes
content-length
0
x-amz-cf-id
poFIFXN-bPBwIVd-Nwdek1bfRtrH4kgPfRFoGbrFDqB1LXGNSxujdQ==
whFooterIcons-Regular.woff
promos.williamhill.es/static/fonts/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/static/fonts/whFooterIcons-Regular.woff
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
4a09d1701a67fad305af63fc62a17c85c541ef2ef5509672489c576b00f6b5ff

Request headers

Origin
https://promos.williamhill.es
Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 14:58:46 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
age
91
etag
W/"72d0-1730fee95e8"
x-cache
Hit from cloudfront
content-type
font/woff
status
200
cache-control
public, max-age=120
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
29392
x-amz-cf-id
NRjEUJn7a-YkuLGDPvQpEJtAiLIteIUKjVDqAdo1EB9JRtB7qS518g==
Bootstrap.js
nexus.ensighten.com/williamhill/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/williamhill/Bootstrap.js
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f025438a1520737b1c015a3079db5fcc18063ac754e92a0c02cb7608f47bf2c3

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 08:19:00 GMT
server
nginx
etag
W/"5f2919f4-d68c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
8bf232351466b6fd0388e66fce8467ab.svg
promos.williamhill.es/static/img/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://promos.williamhill.es/static/img/8bf232351466b6fd0388e66fce8467ab.svg
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
a4559b97d1ccf6c3f9b9261fbb5dec1fec4accb13224e11f30b22d0755f814e6

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
x-amz-cf-pop
FRA53-C1
etag
W/"232d-1730fee95e8"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/svg+xml
status
200
cache-control
public, max-age=120
x-amz-cf-id
G7v5bU1431ASfF5-Kv-unjbaZMFNDz4Nn02xDjBqF327_03arP87NA==
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
index.js
promos.williamhill.es/js/ 		710 KB
216 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://promos.williamhill.es/js/index.js
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
d6b45d2e926a3baf9c95cee815dec9868e72f1a12106e76cb048fddac40cf3dd

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 14:57:06 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
age
191
etag
W/"b1740-1730fee95e8"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=120
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
DF6IlBTA-9oN5I-tF63QMeh_31d0PcxqUunr4qvCfjOV---DIhNFmw==
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
/
t.nc0.co/pc/williamhill/ 		42 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.nc0.co/pc/williamhill/?bootstrapFired=true
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 13 Sep 2020 15:00:17 GMT
server
nginx
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
x-offsite-uuid
8072426f-9d85-4e9b-875d-4071071cb5e1
content-length
42
expires
Thu, 01 Jan 1970 00:00:00 GMT
serverComponent.php
nexus.ensighten.com/williamhill/prod/ 		493 B
635 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/williamhill/prod/serverComponent.php?r=43000009.409594074&ClientID=154&PageID=https%3A%2F%2Fpromos.williamhill.es%2F
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e2267673ee0b90561acda2b61a4b2d1d223bb4c9164746b021fd29ea194208cc

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sun, 13 Sep 2020 15:00:17 GMT
cache-control
no-cache, no-store
server
nginx
content-type
text/javascript
content-length
493
expires
Sun, 13 Sep 2020 15:00:16 GMT
aca0c1613c515c1ae6cb469c64864f7f.js
nexus.ensighten.com/williamhill/prod/code/ 		60 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9ac90cf7dd8b1a38632ed93cd9be05468a2054be02377a7913822f3e37daec94

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 08:19:00 GMT
server
nginx
etag
W/"5f2919f4-efdf"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
5426819d386b3ba4c5824f1cbab2e795.js
nexus.ensighten.com/williamhill/prod/code/ 		110 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/williamhill/prod/code/5426819d386b3ba4c5824f1cbab2e795.js?conditionId0=209495
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0a42e92df772e54b0d083bec0e0f27130599aa027d7a6612373abd4b22214de7

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Wed, 29 Jul 2020 09:32:00 GMT
server
nginx
etag
W/"5f214210-1b7a5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
47a9a67a32b7b23c526a3fecf4caf091.js
nexus.ensighten.com/williamhill/prod/code/ 		111 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/williamhill/prod/code/47a9a67a32b7b23c526a3fecf4caf091.js?conditionId0=402701
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
60a90cd4e5df13d1a8f205abe3130e465d6f33a4b7ce87c31b56079c34e5e7cb

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Wed, 29 Jul 2020 09:32:00 GMT
server
nginx
etag
W/"5f214210-1bad1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290
  • https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290
2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.252.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-252-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44700b48df141e0f66b60fbe60ce726b23cad33e21de73c0721f08b53b7c0d5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v081-01fbe066d.edge-irl1.demdex.com 5.78.0.20200908113611 3ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
WBA0yj12QxU=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://promos.williamhill.es
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
747
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://promos.williamhill.es
X-TID
jp6kM/G6T6M=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=279422CE52785BCE0A490D4D%40AdobeOrg&d_nsid=0&ts=1600009217290
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
7699f97ad5003418a8885bc3267c72cf.svg
promos.williamhill.es/static/img/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://promos.williamhill.es/static/img/7699f97ad5003418a8885bc3267c72cf.svg
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
7fa1bbda1be41722b85e7b8bc875cbec959889071c1ba606a00ae1672512f108

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
x-amz-cf-pop
FRA53-C1
etag
W/"137b-1730fee95e8"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/svg+xml
status
200
cache-control
public, max-age=120
x-amz-cf-id
iRpZvKMFMqyr5VbPDEO-G0Uw6hQUmN983LY-O3KGyIuO4J352d1jhQ==
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
xtV5Fe2imB3vv.jpeg
prod-s3-mlp-lp-images-ext.s3.eu-west-1.amazonaws.com/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-s3-mlp-lp-images-ext.s3.eu-west-1.amazonaws.com/xtV5Fe2imB3vv.jpeg
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.112.104 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-eu-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
b48f74352561c4535f0000798bea927187180b98b6d6f631af380de01f8f1544

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 13 Sep 2020 15:00:18 GMT
Last-Modified
Tue, 22 Oct 2019 09:26:40 GMT
Server
AmazonS3
x-amz-request-id
C3B2D662EC308AC3
ETag
"0f9a56a8f4d87d18a45535ad9c0e12b3"
x-amz-version-id
null
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
62249
x-amz-id-2
YHDPvRhhFvdX+HKRI261PqGLSjdNw2Y6MbB8vOpXFIkrUcpazotzyJ3qoSmRZcEU4Mqal0zpQn8=
896c78df33e807b34b5bd4f0d9b26458.png
promos.williamhill.es/static/img/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://promos.williamhill.es/static/img/896c78df33e807b34b5bd4f0d9b26458.png
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
/
Resource Hash
2c4ee110c985018b9c72a1fda22fa771326dd81fbc507e5dafa7483754ca5bcb

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 14:29:21 GMT
x-amz-cf-pop
FRA53-C1
etag
W/"11fa-1730fee95e8"
x-cache
Miss from cloudfront
content-type
image/png
status
200
cache-control
public, max-age=120
accept-ranges
bytes
content-length
4602
x-amz-cf-id
zFiCe1d-k9CeVc-ccS9m55Pq7rwHq6eVWrFdROzG-ojvAWJNuLCn3g==
utag.js
tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/ 		384 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.js
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/js/index.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2801ec657b08a94a80ba72f6d4cc69bc729e03abd1428d7edd71bfac9624c661

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
content-encoding
gzip
last-modified
Wed, 02 Sep 2020 09:13:39 GMT
server
AkamaiNetStorage
etag
"857b3d63fd22a84f7d6ea5faedbd6f19:1599038019.471216"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
expires
Sun, 13 Sep 2020 15:05:17 GMT
/
xdata.staticcache.org/xdata/ Frame 1DFD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://xdata.staticcache.org/xdata/
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.69 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-69.fra6.r.cloudfront.net
Software
CloudFront /
Resource Hash

Request headers

:method
GET
:authority
xdata.staticcache.org
:scheme
https
:path
/xdata/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://promos.williamhill.es/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://promos.williamhill.es/

Response headers

status
403
server
CloudFront
date
Sun, 13 Sep 2020 15:00:17 GMT
content-type
text/html
content-length
919
x-cache
Error from cloudfront
via
1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
oyswsiwQpRWgzLWORYa-ipI-urbc-vXT3u8toBvW84LkQqlNcG0Yvg==
SIgn-Up-Standard-Promo-Code-Crystal-Mark-23333.jpg
cmscdn.staticcache.org/assets/image/0008/1458908/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cmscdn.staticcache.org/assets/image/0008/1458908/SIgn-Up-Standard-Promo-Code-Crystal-Mark-23333.jpg
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.138.253 , Italy, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
8c5c0b4dfbd809ad07d842f537d60412ada33e3cb36cbae47116b436cb0d5dd9

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
via
1.1 9e28401e60919ee8bf74bc97f07d0ae1.cloudfront.net (CloudFront), 1.1 ml64:3 (W), 1.1 PSydlmlMIL1ey63:8 (W)
age
13695
status
200
x-px
ht PSydlmlMIL1ey63MXP
content-length
54108
last-modified
Tue, 31 Mar 2020 10:57:01 GMT
server
PWS/8.3.1.0.8
etag
"5e8321fd-d35c"
x-ws-request-id
5f5e3401_PSydlmlMIL1tm59_9143-24214
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=21600
x-amz-cf-pop
MXP64-C1
accept-ranges
bytes
x-amz-cf-id
0NmGFmKLXrhsxBCro9rCAmNlrY5qupQYMCg-PX6y3H4q_GgzXxLzMA==
expires
Sun, 13 Sep 2020 17:12:02 GMT
Free-Bet-Terms-Metadata-Crystal-Mark-23338.jpg
cmscdn.staticcache.org/assets/image/0004/1458814/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cmscdn.staticcache.org/assets/image/0004/1458814/Free-Bet-Terms-Metadata-Crystal-Mark-23338.jpg
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.138.253 , Italy, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
987d4dc73370c1f25093685b7c32132e3b5809c325a165639e26c82968873144

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:17 GMT
via
1.1 0c978a13e60975108c0dd1f18364108e.cloudfront.net (CloudFront), 1.1 ml64:1 (W), 1.1 PSydlmlMIL1ey63:12 (W)
age
13976
status
200
x-px
ht PSydlmlMIL1ey63MXP
content-length
54797
x-upgrade-enabled
off
last-modified
Tue, 31 Mar 2020 09:17:11 GMT
server
PWS/8.3.1.0.8
etag
"5e830a97-d60d"
x-ws-request-id
5f5e3401_PSydlmlMIL1tm59_9143-24215
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=21600
x-amz-cf-pop
MXP64-C2
accept-ranges
bytes
x-amz-cf-id
kx8wL9nhLq8bkhQrVRb8VzjnObxOGX8aeMQXuNDsO1JsCAg4U4uUBA==
expires
Sun, 13 Sep 2020 17:07:21 GMT
/
c3.adalyser.com/ 		0
225 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c3.adalyser.com/?source=direct&medium=none&campaign=direct&content=(not%20set)&keyword=(not%20set)&domain=promos.williamhill.es&url=https%3A%2F%2Fpromos.williamhill.es%2F&firstVisit=1600009217782&conversionWindowStart=1600009217782&sessionStart=1600009217782&landingPage=https%3A%2F%2Fpromos.williamhill.es%2F&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&device=desktop&rnd=3666201146631
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.250.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-250-179.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sun, 13 Sep 2020 15:00:18 GMT
Connection
keep-alive
Access-Control-Allow-Headers
*
X-Powered-By
Express
Content-Length
0
content-type
application/javascript
Cookie set dest5.html
williamhill.demdex.net/ Frame D369 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://williamhill.demdex.net/dest5.html?d_nsid=0
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/47a9a67a32b7b23c526a3fecf4caf091.js?conditionId0=402701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.119.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-119-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
williamhill.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://promos.williamhill.es/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=85243255657174314614467381465354228589
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://promos.williamhill.es/

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 09 Sep 2020 13:43:32 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=85243255657174314614467381465354228589;Path=/;Domain=.demdex.net;Expires=Fri, 12-Mar-2021 15:00:18 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
DW4gYeNPQJs=
Content-Length
2785
Connection
keep-alive
id
smetrics.williamhill.es/ 		48 B
486 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smetrics.williamhill.es/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=279422CE52785BCE0A490D4D%40AdobeOrg&mid=88841030059319730273528996553489006187&ts=1600009217859
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/47a9a67a32b7b23c526a3fecf4caf091.js?conditionId0=402701
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a264b2919f4059ad6b641a76b2211fa66c168897135461638117a7bd98eeddd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Sun, 13 Sep 2020 15:00:18 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-5bd4cfd76-2dhkm
vary
Origin
x-c
master-1347.Ibe097b.M0-443
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://promos.williamhill.es
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
utag.97.js
tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.97.js?utv=ut4.46.202009020913
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9ed9077756e6056f7fce97ed483b5a208d5190e96848a9a7a3010c0432e7aa6c

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:18 GMT
content-encoding
gzip
last-modified
Wed, 02 Sep 2020 09:13:43 GMT
server
AkamaiNetStorage
etag
"2cac87ca3944c7a0d148cdf17e3cdc49:1599038023.108215"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
6041
expires
Mon, 28 Sep 2020 15:00:18 GMT
utag.27.js
tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.27.js?utv=ut4.46.201911121032
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
242c6b29d1d453ced8ff425cbbb45922da68e9609ca6e949bac0b8c7db4715d0

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:18 GMT
content-encoding
gzip
last-modified
Wed, 20 Nov 2019 12:16:44 GMT
server
AkamaiNetStorage
etag
"50df27eabb5119c8a98425087f1cad29:1574252205.027142"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1478
expires
Mon, 28 Sep 2020 15:00:18 GMT
utag.339.js
tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.339.js?utv=ut4.46.202006241051
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d4cceaae56460590ead5962aa4613648e48ca2072cddde879484186caef16dc4

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:18 GMT
content-encoding
gzip
last-modified
Tue, 17 Mar 2020 11:29:32 GMT
server
AkamaiNetStorage
etag
"ab793119ef61e49240432f20f22a933b:1584444572.17907"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2389
expires
Mon, 28 Sep 2020 15:00:18 GMT
652ba85f86e0.js
w.usabilla.com/ Frame EC1C 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w.usabilla.com/652ba85f86e0.js?lv=1
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.20.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-20-174.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
64cf2c9db7e93cf0365b310a76afb336bbb816324233daff0ff54f2826e62c53

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 13 Sep 2020 15:00:18 GMT
content-encoding
gzip
x-widget-server
2.1
etag
"3961d8a5030df257eee48e3c27925bc7"
content-type
text/javascript
status
200
cache-control
public,max-age=0
content-length
10830
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
202 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=williamhillgroup/uk-web/202009020913&cb=1600009218276
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/williamhillgroup/uk-web/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:18 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Sun, 13 Sep 2020 15:10:18 GMT
williamhill-spain-button-88939dd242a6820fe35160e3b56a1236.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 345C 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d6tizftlrpuof.cloudfront.net/themes/production/williamhill-spain-button-88939dd242a6820fe35160e3b56a1236.png
Requested by
Host: promos.williamhill.es
URL: https://promos.williamhill.es/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-50.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c6445c0199eb284bbf509d985be267d94002b2a17a7b9a822857dd1fe6293300

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 May 2020 12:36:30 GMT
Via
1.1 c26b8e74df43cd99786e716221463d0c.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Thu, 26 Sep 2019 12:17:04 GMT
Server
AmazonS3
Age
9512629
ETag
"88939dd242a6820fe35160e3b56a1236"
X-Cache
Hit from cloudfront
x-amz-version-id
DiyHOM.mN2oAlbxCMPYQOZK3DpRoyB33
Cache-Control
max-age=315360000, no-transform, public
X-Amz-Cf-Pop
FRA6-C1
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
3972
X-Amz-Cf-Id
R1ujaEijDX3EfJrz5erMh2_OOAju0Jb2vFQgNXjm3bc9ICvxLEgmeg==
fbevents.js
connect.facebook.net/en_US/ 		103 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eecdf607f41793e61a58937f215d9b1192888fc67ba525b041b05f2b3ab9685f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
22450
x-xss-protection
0
pragma
public
x-fb-debug
vMtJWxBk9hQ1LAFeeWVByi1JGikixz5gvQ18EBM+qoED2tFYqH5yIdnx1Y1wWmCIpsLgAsS6Ngt2BHFw762scQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Sun, 13 Sep 2020 15:00:19 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		88 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-4897992
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cff51a038124c884bfd09bf2b254d1245ed1ade51de7f966c308466b54fd5219
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:19 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35650
x-xss-protection
0
expires
Sun, 13 Sep 2020 15:00:19 GMT
bat.js
bat.bing.com/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:19 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref
Ref A: 538F45749AE44999BF509E98F65ACA08 Ref B: FRAEDGE1215 Ref C: 2020-09-13T15:00:19Z
status
200
etag
"0e0bdafab5bd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8022
ytc.js
s.yimg.com/wi/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/williamhill/prod/code/aca0c1613c515c1ae6cb469c64864f7f.js?conditionId0=423262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
88cf2c9a4c4bcef2aa64fb6ea0f337f78e9a7dc61d87993441369fa5cb429d32
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sun, 13 Sep 2020 14:23:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2196
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
content-length
5573
x-amz-id-2
a9VT1hJ7Ov9L39XFVpXMyNPQjkPuwYEHONPEOKkCet1TfH2dLPM3Qd88TE0ce3c8ErBX7+mL5Uo=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Thu, 16 Sep 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Tue, 11 Aug 2020 09:21:22 GMT
server
ATS
etag
"4af30fdfb3f25202fae672877237b12e-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
86AA906FDA01A73A
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
v0T4VwTcSKojm0k.rRPUA2jezlg4p0ZC
accept-ranges
bytes
content-type
application/javascript
590498974372583
connect.facebook.net/signals/config/ 		355 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/590498974372583?v=2.9.5&r=c2
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fe9ab937b93b1e828df36acb0227257769e4645013414d6c4ac9348f5b82a510
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
cxfaDxqCWSlgSMVzIxwFF0Gdk2CbZ9wRP7qji5pUixG+a3NmU1EuwzRB7gFQMMQBEeB5dbVr+DAd/mjiic51Uw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Sun, 13 Sep 2020 15:00:19 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
0
bat.bing.com/action/ 		0
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=4018288&Ver=2&mid=761bdd70-5bec-4d13-c7e0-37f3388083ef&sid=cbb161cebeac55c9e00ac5778339ce7c&vid=842e8747a790f8fd1b79fd77beca618f&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=William%20Hill%20-%20Home%20of%20Betting&p=https%3A%2F%2Fpromos.williamhill.es%2F&r=&lt=2073&evt=pageLoad&msclkid=N&sv=1&rn=815742
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Sun, 13 Sep 2020 15:00:19 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 4642D59D08A8495DADD63D40C910C1AC Ref B: FRAEDGE1215 Ref C: 2020-09-13T15:00:19Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
10058667.json
s.yimg.com/wi/config/ 		2 B
493 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10058667.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1
status
200
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id
29FA1D377E629F4D
x-amz-id-2
cW2dVK47c4sq0Cn/OkyL0ICveftueDXZpiyIs7gClG6mZtal3vRRWppVWL9R4xiGXyQjDkPzJdM=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
22
/
www.facebook.com/tr/ 		44 B
263 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=590498974372583&ev=PageView&dl=https%3A%2F%2Fpromos.williamhill.es%2F&rl=&if=false&ts=1600009219692&sw=1600&sh=1200&v=2.9.5&r=c2&ec=0&o=30&fbp=fb.1.1600009219691.792025872&it=1600009219602&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sun, 13 Sep 2020 15:00:19 GMT
sp.pl
sp.analytics.yahoo.com/ 		0
857 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Sun%2C%2013%20Sep%202020%2015%3A00%3A20%20GMT&n=-2d&b=William%20Hill%20-%20Home%20of%20Betting&.yp=10058667&f=https%3A%2F%2Fpromos.williamhill.es%2F&enc=UTF-8&tagmgr=gtm%2Censighten
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 , Switzerland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 13 Sep 2020 15:00:20 GMT
X-Content-Type-Options
nosniff
Age
0
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
ATS
X-Frame-Options
DENY
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Cache-Control
no-cache, private, must-revalidate
Accept-Ranges
bytes
Expires
Sun, 13 Sep 2020 15:00:20 GMT
/
www.facebook.com/tr/ 		44 B
151 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=590498974372583&ev=Microdata&dl=https%3A%2F%2Fpromos.williamhill.es%2F&rl=&if=false&ts=1600009221195&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22William%20Hill%20-%20Home%20of%20Betting%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.5&r=c2&ec=1&o=30&fbp=fb.1.1600009219691.792025872&it=1600009219602&coo=false&es=automatic&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://promos.williamhill.es/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 13 Sep 2020 15:00:21 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sun, 13 Sep 2020 15:00:21 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| ensBootstraps object| Bootstrapper number| _delay function| _log function| targetPageParams function| trk_get_settings object| _enslog string| sName object| trk_settings string| trk_account function| trk_doPlugins function| s_getLoadTime string| s_code string| s_objectID function| s_gi function| s_giqf string| tld string| site string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in object| trk number| s_giq string| _fn function| Visitor object| visitor function| mboxCreate object| adobe string| s_account object| s function| s_doPlugins function| AppMeasurement_Module_AudienceManagement function| AppMeasurement function| s_pgicq object| s_whg function| DIL object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| PubSub number| __global_unique_id__ object| __SECRET_EMOTION__ object| utag_cfg_ovrd string| key string| accountId string| defaultLP string| k number| s_loadT object| data_obj object| AdalyserTracker boolean| utag_condload object| utag boolean| __tealium_twc_switch object| AnalyticsTactical object| mktInfo function| getMarketingData function| captureMarketingData function| usabillaIsVisible function| lightningjs function| usabilla_live string| gtagRename object| dataLayer function| gtag function| snaptr function| fbq function| _fbq object| uetq object| dotq function| UET object| google_tag_manager object| google_tag_data object| YAHOO

16 Cookies

Domain/Path Name / Value
.demdex.net/ Name: dextp
Value: 358-1-1600009218271|771-1-1600009218286|1123-1-1600009218301|1175-1-1600009218317|22052-1-1600009218333|30064-1-1600009218348|121998-1-1600009218363|199624-1-1600009218379
.demdex.net/ Name: demdex
Value: 85243255657174314614467381465354228589
.williamhill.es/ Name: AMCV_279422CE52785BCE0A490D4D%40AdobeOrg
Value: 1099438348%7CMCIDTS%7C18519%7CMCMID%7C88841030059319730273528996553489006187%7CMCAAMLH-1600614017%7C6%7CMCAAMB-1600614017%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1600016417s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.1.0
.williamhill.es/ Name: s_ecid
Value: MCMID%7C88841030059319730273528996553489006187
promos.williamhill.es/ Name: __adal_first_visit
Value: 1600009217782
promos.williamhill.es/ Name: __adal_campaign
Value: source=direct&medium=none&campaign=direct&content=(not%20set)&keyword=(not%20set)
promos.williamhill.es/ Name: __adal_session_start
Value: 1600009217782
.williamhill.es/ Name: AMCVS_279422CE52785BCE0A490D4D%40AdobeOrg
Value: 1
promos.williamhill.es/ Name: __adal_last_visit
Value: 1600009217782
promos.williamhill.es/ Name: __adal_conversion_window_start
Value: 1600009217782
promos.williamhill.es/ Name: __adal_landing
Value: https://promos.williamhill.es/
.williamhill.es/ Name: s_fid
Value: 39494F96FC138871-0532A3437BA5F3A2
.williamhill.es/ Name: trk_jsoncookie
Value: %7B%22visittype%22%3A%22nonc%22%2C%22cb%22%3A%22false%22%7D
.williamhill.es/ Name: s_cc
Value: true
.williamhill.es/ Name: utag_main
Value: v_id:uk-wh017487fb287a00206aaefe571d6c00078001e07000b08$_sn:1$_se:1$_ss:1$_st:1600011018173$ses_id:1600009218173%3Bexp-session$_pn:1%3Bexp-session
promos.williamhill.es/ Name: TS018bddb2
Value: 01a2b6744e39d0b7608296f5f70b903cf0643ff5051f1f405fbbace77d2ed87e01ae5cf612e97f7289558f44815455b63544428fcd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
c3.adalyser.com
cmscdn.staticcache.org
connect.facebook.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
nexus.ensighten.com
prod-s3-mlp-lp-images-ext.s3.eu-west-1.amazonaws.com
promos.williamhill.es
s.yimg.com
smetrics.williamhill.es
sp.analytics.yahoo.com
t.nc0.co
tags.tiqcdn.com
w.usabilla.com
williamhill.demdex.net
www.facebook.com
www.googletagmanager.com
xdata.staticcache.org
104.111.215.136
108.128.250.179
13.35.253.50
143.204.215.105
15.236.175.233
163.171.138.253
18.195.42.228
212.82.100.181
2620:1ec:c11::200
2a00:1288:f03d:1fa::2000
2a00:1450:4001:81c::2008
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.124.173.63
34.248.119.134
52.218.112.104
52.50.252.133
54.77.20.174
99.86.2.69
0a42e92df772e54b0d083bec0e0f27130599aa027d7a6612373abd4b22214de7
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
19d7e4a20d3fc05bcaacc3732ccf79acfad9ddb209bf6d1a43ca3dcbe118f7ad
242c6b29d1d453ced8ff425cbbb45922da68e9609ca6e949bac0b8c7db4715d0
2801ec657b08a94a80ba72f6d4cc69bc729e03abd1428d7edd71bfac9624c661
2c4ee110c985018b9c72a1fda22fa771326dd81fbc507e5dafa7483754ca5bcb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44700b48df141e0f66b60fbe60ce726b23cad33e21de73c0721f08b53b7c0d5f
4a09d1701a67fad305af63fc62a17c85c541ef2ef5509672489c576b00f6b5ff
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
60a90cd4e5df13d1a8f205abe3130e465d6f33a4b7ce87c31b56079c34e5e7cb
64cf2c9db7e93cf0365b310a76afb336bbb816324233daff0ff54f2826e62c53
77b8e855ed08efdd10041c49aa8dc12b6b217f3ed7d061eda9c7e5c8a2ad2719
7fa1bbda1be41722b85e7b8bc875cbec959889071c1ba606a00ae1672512f108
88cf2c9a4c4bcef2aa64fb6ea0f337f78e9a7dc61d87993441369fa5cb429d32
8c5c0b4dfbd809ad07d842f537d60412ada33e3cb36cbae47116b436cb0d5dd9
987d4dc73370c1f25093685b7c32132e3b5809c325a165639e26c82968873144
9ac90cf7dd8b1a38632ed93cd9be05468a2054be02377a7913822f3e37daec94
9ed9077756e6056f7fce97ed483b5a208d5190e96848a9a7a3010c0432e7aa6c
a264b2919f4059ad6b641a76b2211fa66c168897135461638117a7bd98eeddd5
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4559b97d1ccf6c3f9b9261fbb5dec1fec4accb13224e11f30b22d0755f814e6
b48f74352561c4535f0000798bea927187180b98b6d6f631af380de01f8f1544
bb2b69f582ffe10aa80eba4780cf31925e0f3b5b377eff58cb8abf5667e764cc
c6445c0199eb284bbf509d985be267d94002b2a17a7b9a822857dd1fe6293300
cff51a038124c884bfd09bf2b254d1245ed1ade51de7f966c308466b54fd5219
d4cceaae56460590ead5962aa4613648e48ca2072cddde879484186caef16dc4
d6b45d2e926a3baf9c95cee815dec9868e72f1a12106e76cb048fddac40cf3dd
dfd775e1deb97cf6e80af19b786f9a7a12aca7e65b20d2f1e496ba2eb9d8c45c
e2267673ee0b90561acda2b61a4b2d1d223bb4c9164746b021fd29ea194208cc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea6ab236fb2634b1eeb99cc5b8aeb9be50ad32a484b1f0e88bd799ef91bd2e9c
eecdf607f41793e61a58937f215d9b1192888fc67ba525b041b05f2b3ab9685f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f025438a1520737b1c015a3079db5fcc18063ac754e92a0c02cb7608f47bf2c3
fe9ab937b93b1e828df36acb0227257769e4645013414d6c4ac9348f5b82a510