Overview

URLwww.claimwell.com/
IP 151.101.130.159 (United States)
ASN#54113 FASTLY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-13 21:55:20 UTC
StatusLoading report..
IDS alerts0
Blocklist alert44
urlquery alerts No alerts detected
Tags None

Domain Summary (23)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
www.google.com (1) 7 2016-03-22 03:56:07 UTC 2022-11-13 09:45:38 UTC 142.250.74.164
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
www.claimwell.com (1) 0 2021-06-08 19:43:15 UTC 2022-11-13 12:54:17 UTC 151.101.130.159 Unknown ranking
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-13 05:53:05 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
claimwell.com (67) 0 2017-06-19 07:43:26 UTC 2022-11-13 12:58:34 UTC 151.101.130.159 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-13 05:52:25 UTC 34.117.237.239
www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-11-13 20:17:24 UTC 142.250.74.174
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-13 12:57:37 UTC 142.250.74.10
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ocsp.pki.goog (10) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
f.vimeocdn.com (4) 3234 2014-04-09 18:24:34 UTC 2020-02-02 07:43:43 UTC 151.101.86.109
i.vimeocdn.com (2) 3126 2014-03-27 22:24:57 UTC 2020-02-27 02:30:52 UTC 151.101.86.109
www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-11-13 05:50:11 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
import.themovation.com (1) 0 2015-06-27 11:11:33 UTC 2022-11-10 01:52:42 UTC 174.138.58.92 Domain (themovation.com) ranked at: 516006
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-13 19:38:44 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
fresnel.vimeocdn.com (2) 3128 2014-12-13 09:04:00 UTC 2022-11-13 14:11:21 UTC 34.120.202.204
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-13 11:17:09 UTC 142.250.74.168
fonts.gstatic.com (2) 0 2014-09-09 00:40:21 UTC 2022-11-13 19:00:44 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
player.vimeo.com (1) 1858 2013-09-26 03:16:08 UTC 2020-01-28 05:29:01 UTC 162.159.128.61
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.186.117.16

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-13 2 www.claimwell.com/ Phishing
2022-11-13 2 claimwell.com/ Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver= (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/essential-addons-elementor/eael-3890.css?v (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor- (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/soli (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-c (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/elementor/css/post-3890.css?ver=1667319926 Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-s (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/he (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/fr (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all. (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/bran (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Phishing
2022-11-13 2 claimwell.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-sh (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/essential-addons-for-elementor-lite/assets (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/essential-addons-elementor/eael-3890.js?ve (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/2021/03/dollar-sign-circle.svg Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 Phishing
2022-11-13 2 claimwell.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.2 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jque (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.j (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37 (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7 (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ve (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sti (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 151.101.130.159
Date UQ / IDS / BL URL IP
2023-01-28 20:01:01 +0000 0 - 2 - 0 www.doktor.se/ 151.101.130.159
2023-01-26 21:20:46 +0000 0 - 3 - 0 toronto.iabc.to/wp-login.php 151.101.130.159
2023-01-22 05:06:45 +0000 0 - 0 - 13 franosbarbershop.com/wp-content/verif.accs.se (...) 151.101.130.159
2023-01-14 22:19:11 +0000 0 - 0 - 2 infusetheplanet.com/wp-content/themes/twentys (...) 151.101.130.159
2023-01-13 17:31:25 +0000 0 - 3 - 0 ecckersports.com/ 151.101.130.159


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-01-30 02:24:00 +0000 0 - 0 - 1 raw.githubusercontent.com/decoder1989/Eth/mai (...) 185.199.109.133
2023-01-30 02:23:57 +0000 0 - 0 - 1 raw.githubusercontent.com/lacasitamx/INSTALAD (...) 185.199.109.133
2023-01-30 02:22:20 +0000 0 - 1 - 1 raw.githubusercontent.com/1337wtf1337/1337wtf (...) 185.199.110.133
2023-01-30 02:21:07 +0000 0 - 0 - 1 raw.githubusercontent.com/decoder1989/Waspen/ (...) 185.199.108.133
2023-01-30 02:21:00 +0000 0 - 0 - 1 raw.githubusercontent.com/decoder1989/Wallet1 (...) 185.199.110.133


Last 5 reports on domain: claimwell.com
Date UQ / IDS / BL URL IP
2022-11-13 21:55:20 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:54:31 +0000 0 - 0 - 44 claimwell.com/ 151.101.130.159
2022-11-13 21:53:30 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:49:53 +0000 0 - 0 - 36 claimwell.com/demo/auto/ 151.101.130.159
2022-11-13 12:57:54 +0000 0 - 0 - 36 claimwell.com/aqq/docusign/docusign/ 151.101.130.159


Last 2 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-13 21:54:31 +0000 0 - 0 - 44 claimwell.com/ 151.101.130.159
2022-11-13 21:53:30 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159

JavaScript

Executed Scripts (50)

Executed Evals (6)
#1 JavaScript::Eval (size: 19108) - SHA256: 535f2fd7a2f45f2565bc2f993607a04bc99c113f6f76024b3db3ae7d5b7fb439
(function() {
    var u = function(A, I, D, n, M, T, e, g, h) {
            if ((D.J += (((g = (M = (e = (h = (A || D.v++, 0 < D.R && D.W && D.FY && 1 >= D.O && !D.D && !D.T && (!A || 1 < D.Y - I)) && 0 == document.hidden, T = 4 == D.v) || h ? D.H() : D.u, e - D.u), M) >> 14, D).I && (D.I ^= g * (M << 2)), D).h = g || D.h, g), T) || h) D.u = e, D.v = 0;
            if (!h || e - D.C < D.R - (n ? 255 : A ? 5 : 2)) return false;
            return (d(D, 411, (n = B(D, (D.Y = I, A ? 415 : 411)), D.A)), D.G).push([DG, n, A ? I + 1 : I]), D.T = p, true
        },
        X, j0 = function(A, I) {
            return A[I] << 24 | A[(I | 0) + 1] << 16 | A[(I | 0) + 2] << 8 | A[(I | 0) + 3]
        },
        B = function(A, I) {
            if (A = A.U[I], void 0 === A) throw [w, 30, I];
            if (A.value) return A.create();
            return A.create(5 * I * I + -98 * I + -22), A.prototype
        },
        I3 = function(A, I) {
            if ((I = q.trustedTypes, A = null, !I) || !I.createPolicy) return A;
            try {
                A = I.createPolicy("bg", {
                    createHTML: Au,
                    createScript: Au,
                    createScriptURL: Au
                })
            } catch (D) {
                q.console && q.console.error(D.message)
            }
            return A
        },
        U = function(A, I, D) {
            D[d(A, I, D), TH] = 2796
        },
        gn = function(A, I, D, n) {
            return B((d(D, ((n = B(D, 411), D.s) && n < D.A ? (d(D, 411, D.A), e0(D, A)) : d(D, 411, A), ng(D, I), 411), n), D), 141)
        },
        hu = function(A, I, D, n, M, T) {
            for (M = ((D = (n = A[sL] || {}, c(A)), n.qK = c(A), n).g = [], A).h == A ? (P(A) | 0) - 1 : 1, I = c(A), T = 0; T < M; T++) n.g.push(c(A));
            for (n.P = B(A, D); M--;) n.g[M] = B(A, n.g[M]);
            return n.UH = B(A, I), n
        },
        MO = function(A, I) {
            (I.push(A[0] << 24 | A[1] << 16 | A[2] << 8 | A[3]), I).push(A[4] << 24 | A[5] << 16 | A[6] << 8 | A[7]), I.push(A[8] << 24 | A[9] << 16 | A[10] << 8 | A[11])
        },
        Bh = function(A, I, D, n) {
            function M() {}
            return n = a3(A, (D = void 0, function(T) {
                M && (I && p(I), D = T, M(), M = void 0)
            }), !!I)[0], {
                invoke: function(T, e, g, h) {
                    function a() {
                        D(function(Y) {
                            p(function() {
                                T(Y)
                            })
                        }, g)
                    }
                    if (!e) return e = n(g), T && T(e), e;
                    D ? a() : (h = M, M = function() {
                        p((h(), a))
                    })
                }
            }
        },
        Y0 = function(A, I, D) {
            if (3 == A.length) {
                for (D = 0; 3 > D; D++) I[D] += A[D];
                for (D = (A = [13, 8, 13, 12, 16, 5, 3, 10, 15], 0); 9 > D; D++) I[3](I, D % 3, A[D])
            }
        },
        e0 = function(A, I) {
            d(((A.fe.push(A.U.slice()), A).U[411] = void 0, A), 411, I)
        },
        pg = function(A, I) {
            return x[A](x.prototype, {
                floor: I,
                call: I,
                pop: I,
                propertyIsEnumerable: I,
                console: I,
                parent: I,
                length: I,
                document: I,
                prototype: I,
                replace: I,
                splice: I,
                stack: I
            })
        },
        E = function(A, I, D) {
            D = this;
            try {
                ul(A, I, this)
            } catch (n) {
                k(this, n), I(function(M) {
                    M(D.F)
                })
            }
        },
        q = this || self,
        o3 = function(A, I) {
            return (I = I.create().shift(), A.D).create().length || A.j.create().length || (A.D = void 0, A.j = void 0), I
        },
        a3 = function(A, I, D, n) {
            return (n = l[A.substring(0, 3) + "_"]) ? n(A.substring(3), I, D) : y1(A, I)
        },
        GH = function(A, I, D) {
            if ((D = typeof A, "object") == D)
                if (A) {
                    if (A instanceof Array) return "array";
                    if (A instanceof Object) return D;
                    if (I = Object.prototype.toString.call(A), "[object Window]" == I) return "object";
                    if ("[object Array]" == I || "number" == typeof A.length && "undefined" != typeof A.splice && "undefined" != typeof A.propertyIsEnumerable && !A.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == I || "undefined" != typeof A.call && "undefined" != typeof A.propertyIsEnumerable && !A.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == D && "undefined" == typeof A.call) return "object";
            return D
        },
        mt = function(A, I) {
            return I = P(A), I & 128 && (I = I & 127 | P(A) << 7), I
        },
        Wh = function(A, I, D, n, M, T) {
            function e() {
                if (D.h == D) {
                    if (D.U) {
                        var g = [r, n, A, void 0, M, T, arguments];
                        if (2 == I) var h = C(D, false, (F(D, g), false));
                        else if (1 == I) {
                            var a = !D.G.length;
                            F(D, g), a && C(D, false, false)
                        } else h = Xy(g, D);
                        return h
                    }
                    M && T && M.removeEventListener(T, e, O)
                }
            }
            return e
        },
        c = function(A, I) {
            if (A.D) return o3(A, A.j);
            return (I = z(A, 8, true), I) & 128 && (I ^= 128, A = z(A, 2, true), I = (I << 2) + (A | 0)), I
        },
        Xy = function(A, I, D, n, M) {
            if ((D = A[0], D) == J) I.X = 25, I.i(A);
            else if (D == v) {
                M = A[1];
                try {
                    n = I.F || I.i(A)
                } catch (T) {
                    k(I, T), n = I.F
                }
                M(n)
            } else if (D == DG) I.i(A);
            else if (D == K) I.i(A);
            else if (D == Q1) {
                try {
                    for (n = 0; n < I.N.length; n++) try {
                        M = I.N[n], M[0][M[1]](M[2])
                    } catch (T) {}
                } catch (T) {}(0, A[1])(function(T, e) {
                    I.o(T, true, e)
                }, (I.N = [], function(T) {
                    F(I, (T = !I.G.length, [wn])), T && C(I, false, true)
                }))
            } else {
                if (D == r) return n = A[2], d(I, 103, A[6]), d(I, 141, n), I.i(A);
                D == wn ? (I.U = null, I.K = [], I.s = []) : D == TH && "loading" === q.document.readyState && (I.T = function(T, e) {
                    function g() {
                        e || (e = true, T())
                    }
                    q.document.addEventListener("DOMContentLoaded", g, (e = false, O)), q.addEventListener("load", g, O)
                })
            }
        },
        P = function(A) {
            return A.D ? o3(A, A.j) : z(A, 8, true)
        },
        ng = function(A, I, D, n, M, T) {
            if (!A.F) {
                A.O++;
                try {
                    for (T = void 0, D = 0, M = A.A; --I;) try {
                        if (n = void 0, A.D) T = o3(A, A.D);
                        else {
                            if (D = B(A, 411), D >= M) break;
                            T = B(A, (n = c((d(A, 415, D), A)), n))
                        }
                        u(false, (T && T[wn] & 2048 ? T(A, I) : V(A, [w, 21, n], 0), I), A, false)
                    } catch (e) {
                        B(A, 27) ? V(A, e, 22) : d(A, 27, e)
                    }
                    if (!I) {
                        if (A.Da) {
                            ng(A, (A.O--, 342722082906));
                            return
                        }
                        V(A, [w, 33], 0)
                    }
                } catch (e) {
                    try {
                        V(A, e, 22)
                    } catch (g) {
                        k(A, g)
                    }
                }
                A.O--
            }
        },
        k = function(A, I) {
            A.F = ((A.F ? A.F + "~" : "E:") + I.message + ":" + I.stack).slice(0, 2048)
        },
        il = function(A, I, D, n, M) {
            for (M = I = (A = A.replace(/\r\n/g, "\n"), 0), n = []; I < A.length; I++) D = A.charCodeAt(I), 128 > D ? n[M++] = D : (2048 > D ? n[M++] = D >> 6 | 192 : (55296 == (D & 64512) && I + 1 < A.length && 56320 == (A.charCodeAt(I + 1) & 64512) ? (D = 65536 + ((D & 1023) << 10) + (A.charCodeAt(++I) & 1023), n[M++] = D >> 18 | 240, n[M++] = D >> 12 & 63 | 128) : n[M++] = D >> 12 | 224, n[M++] = D >> 6 & 63 | 128), n[M++] = D & 63 | 128);
            return n
        },
        Au = function(A) {
            return A
        },
        qO = function(A, I, D) {
            return (D = x[A.V](A.AG), D)[A.V] = function() {
                return I
            }, D.concat = function(n) {
                I = n
            }, D
        },
        UL = function(A, I, D, n) {
            for (n = (D = c(I), 0); 0 < A; A--) n = n << 8 | P(I);
            d(I, D, n)
        },
        ZG = function(A, I, D, n) {
            S(L(A, (n = (D = c(I), c(I)), B(I, D))), I, n)
        },
        Hh = function(A, I, D) {
            return I.o(function(n) {
                D = n
            }, false, A), D
        },
        L = function(A, I, D, n) {
            for (D = (n = (A | 0) - 1, []); 0 <= n; n--) D[(A | 0) - 1 - (n | 0)] = I >> 8 * n & 255;
            return D
        },
        $0 = function(A, I, D, n, M) {
            for (n = 0, M = A[2] | 0, A = A[3] | 0; 14 > n; n++) D = D >>> 8 | D << 24, D += I | 0, D ^= M + 2229, A = A >>> 8 | A << 24, I = I << 3 | I >>> 29, I ^= D, A += M | 0, A ^= n + 2229, M = M << 3 | M >>> 29, M ^= A;
            return [I >>> 24 & 255, I >>> 16 & 255, I >>> 8 & 255, I >>> 0 & 255, D >>> 24 & 255, D >>> 16 & 255, D >>> 8 & 255, D >>> 0 & 255]
        },
        S = function(A, I, D, n, M, T) {
            if (I.h == I)
                for (T = B(I, D), 114 == D ? (D = function(e, g, h, a) {
                        if (T.ne != (h = (a = T.length, (a | 0) - 4 >> 3), h)) {
                            g = (h = (T.ne = h, h << 3) - 4, [0, 0, M[1], M[2]]);
                            try {
                                T.VZ = $0(g, j0(T, h), j0(T, (h | 0) + 4))
                            } catch (Y) {
                                throw Y;
                            }
                        }
                        T.push(T.VZ[a & 7] ^ e)
                    }, M = B(I, 352)) : D = function(e) {
                        T.push(e)
                    }, n && D(n & 255), I = 0, n = A.length; I < n; I++) D(A[I])
        },
        f = function(A, I) {
            for (I = []; A--;) I.push(255 * Math.random() | 0);
            return I
        },
        C = function(A, I, D, n, M, T) {
            if (A.G.length) {
                A.W = !(A.FY = (A.W && 0(), D), 0);
                try {
                    n = A.H(), A.u = n, A.C = n, A.v = 0, T = ch(A, D), M = A.H() - A.C, A.Z += M, M < (I ? 0 : 10) || 0 >= A.X-- || (M = Math.floor(M), A.K.push(254 >= M ? M : 254))
                } finally {
                    A.W = false
                }
                return T
            }
        },
        x0 = function(A, I, D, n, M, T, e, g) {
            return ((T = x[(n = [10, (e = (M = Ph, A & 7), -98), 54, 77, 21, -31, n, 51, -77, 74], I).V](I.hG), T)[I.V] = function(h) {
                e += (g = h, 6 + 7 * A), e &= 7
            }, T).concat = function(h) {
                return (h = (g = (h = +e - -5390 * (h = D % 16 + 1, D) * g + 55 * g * g - 275 * D * D * g - -1210 * g + (M() | 0) * h + n[e + 19 & 7] * D * h - h * g + 5 * D * D * h, void 0), n[h]), n)[(e + 45 & 7) + (A & 2)] = h, n[e + (A & 2)] = -98, h
            }, T
        },
        z = function(A, I, D, n, M, T, e, g, h, a, Y, y, Q, m) {
            if ((h = B(A, 411), h) >= A.A) throw [w, 31];
            for (Q = (m = h, Y = (y = 0, I), A.S5.length); 0 < Y;) n = m % 8, e = m >> 3, T = 8 - (n | 0), T = T < Y ? T : Y, M = A.s[e], D && (g = A, g.S != m >> 6 && (g.S = m >> 6, a = B(g, 394), g.L = $0([0, 0, a[1], a[2]], g.I, g.S)), M ^= A.L[e & Q]), y |= (M >> 8 - (n | 0) - (T | 0) & (1 << T) - 1) << (Y | 0) - (T | 0), Y -= T, m += T;
            return d(A, 411, (h | (D = y, 0)) + (I | 0)), D
        },
        ch = function(A, I, D, n) {
            for (; A.G.length;) {
                D = (A.T = null, A.G.pop());
                try {
                    n = Xy(D, A)
                } catch (M) {
                    k(A, M)
                }
                if (I && A.T) {
                    (I = A.T, I)(function() {
                        C(A, true, true)
                    });
                    break
                }
            }
            return n
        },
        p = q.requestIdleCallback ? function(A) {
            requestIdleCallback(function() {
                A()
            }, {
                timeout: 4
            })
        } : q.setImmediate ? function(A) {
            setImmediate(A)
        } : function(A) {
            setTimeout(A, 0)
        },
        l, y1 = function(A, I) {
            return [(I(function(D) {
                D(A)
            }), function() {
                return A
            })]
        },
        d = function(A, I, D) {
            if (411 == I || 415 == I) A.U[I] ? A.U[I].concat(D) : A.U[I] = qO(A, D);
            else {
                if (A.B && 394 != I) return;
                161 == I || 114 == I || 437 == I || 261 == I || 352 == I ? A.U[I] || (A.U[I] = x0(118, A, I, D)) : A.U[I] = x0(121, A, I, D)
            }
            394 == I && (A.I = z(A, 32, false), A.S = void 0)
        },
        F = function(A, I) {
            A.G.splice(0, 0, I)
        },
        ul = function(A, I, D, n, M) {
            for (n = (M = ((D.hG = pg((D.by = k0, D.kb = (D.S5 = D[v], bl), D.V), {get: function() {
                        return this.concat()
                    }
                }), D).AG = x[D.V](D.hG, {
                    value: {
                        value: {}
                    }
                }), []), 0); 289 > n; n++) M[n] = String.fromCharCode(n);
            C(D, (F(D, (F((F(D, (U(D, (d(D, 239, (U(D, 331, (U(D, (U(D, 144, (U(D, (U(D, 17, (U(D, (U(D, 325, (d(D, 161, [160, (d(D, (U(D, (D.sH = (U(D, (U(D, 223, (d(D, 424, (d(D, 143, (U(D, (d(D, 434, (d(D, 352, (U(D, (U(D, 194, (U(D, 370, (d(D, 437, (U(D, 95, ((U(D, 154, (U((U(D, 21, (U(D, (U(D, 175, (U(D, 129, (U(D, 280, (d((d(D, 100, (D.iy = (d(D, 141, (U((U(D, (D.j5 = (d(D, (d(D, (D.T = (D.FY = false, (D.O = 0, D.G = [], D.D = (D.zX = function(T) {
                this.h = T
            }, D.B = false, D.C = 0, void 0), (D.fe = [], D).j = (D.R = ((D.F = void 0, D).J = 1, 0), n = (D.W = false, D.X = 25, window.performance || {}), D.N = [], (D.h = D, D).L = void 0, (D.QZ = 0, D.Z = 0, D.s = [], D).S = ((D.Y = 8001, D).v = void 0, void 0), D.U = [], void 0), D.A = (D.u = (D.K = [], 0), 0), D).I = void 0, D.Hn = n.timeOrigin || (n.timing || {}).navigationStart || 0, null), 411), 0), 415), 0), 0), U(D, 483, function() {}), 360), function(T, e, g, h) {
                h = (e = B(T, (g = (h = (e = c(T), c(T)), c(T)), e)), B(T, h)), d(T, g, e in h | 0)
            }), D), 202, function(T, e, g, h) {
                d(T, (g = B(T, (h = B(T, (e = (h = c((g = c(T), T)), c(T)), h)), g)) == h, e), +g)
            }), {})), 0), 0)), D), 27, 438), function(T, e, g, h, a) {
                for (h = c(T), g = mt(T), a = [], e = 0; e < g; e++) a.push(P(T));
                d(T, h, a)
            })), function(T, e, g, h, a, Y) {
                u(true, e, T, false) || (g = hu(T.h), e = g.qK, h = g.UH, Y = g.g, a = Y.length, g = g.P, h = 0 == a ? new h[g] : 1 == a ? new h[g](Y[0]) : 2 == a ? new h[g](Y[0], Y[1]) : 3 == a ? new h[g](Y[0], Y[1], Y[2]) : 4 == a ? new h[g](Y[0], Y[1], Y[2], Y[3]) : 2(), d(T, e, h))
            })), function(T, e, g, h) {
                if (e = T.fe.pop()) {
                    for (g = P(T); 0 < g; g--) h = c(T), e[h] = T.U[h];
                    T.U = (e[424] = (e[261] = T.U[261], T.U)[424], e)
                } else d(T, 411, T.A)
            })), 127), function(T, e, g, h) {
                !u(true, e, T, false) && (e = hu(T), g = e.P, h = e.UH, T.h == T || g == T.zX && h == T) && (d(T, e.qK, g.apply(h, e.g)), T.u = T.H())
            }), function(T, e, g, h, a, Y, y) {
                for (Y = (h = (g = mt((e = c(T), T)), a = "", y = B(T, 322), y.length), 0); g--;) Y = ((Y | 0) + (mt(T) | 0)) % h, a += M[y[Y]];
                d(T, e, a)
            })), D), 336, function(T) {
                ll(4, T)
            }), function(T, e) {
                e0((e = B(T, c(T)), T.h), e)
            })), U(D, 69, function(T) {
                ll(3, T)
            }), U)(D, 6, function(T, e, g) {
                d(T, (g = GH((g = B(T, (g = c(T), e = c(T), g)), g)), e), g)
            }), function(T, e, g, h, a) {
                d(T, (e = B(T, (h = B((a = B(T, (a = (e = c((h = c((g = c(T), T)), T)), c(T)), a)), T), h), e)), g), Wh(e, a, T, h))
            })), [])), function(T) {
                ZG(1, T)
            })), function(T, e, g, h) {
                (h = c((e = (g = c(T), P(T)), T)), d)(T, h, B(T, g) >>> e)
            })), 201), function(T, e, g, h) {
                d(T, (g = B(T, (e = B(T, (e = c(T), h = c(T), e)), h)), h), g + e)
            }), [0, 0, 0])), 0)), 151), function(T, e, g, h) {
                (h = (e = c(T), c)(T), g = c(T), T).h == T && (g = B(T, g), h = B(T, h), B(T, e)[h] = g, 394 == e && (T.S = void 0, 2 == h && (T.I = z(T, 32, false), T.S = void 0)))
            }), q)), 2048)), function(T, e, g, h) {
                d(T, (e = (h = c((g = c(T), T)), c(T)), e), B(T, g) || B(T, h))
            })), 215), function(T, e, g) {
                u(true, e, T, false) || (e = c(T), g = c(T), d(T, g, function(h) {
                    return eval(h)
                }(EL(B(T.h, e)))))
            }), 0), 86), function(T, e, g, h) {
                g = B(T, (e = c((g = c(T), T)), h = c(T), g)), e = B(T, e), d(T, h, g[e])
            }), 261), []), 0), 0]), function(T, e) {
                T = B((e = c(T), T).h, e), T[0].removeEventListener(T[1], T[2], O)
            })), 145), function(T) {
                UL(4, T)
            }), function(T, e, g, h, a, Y) {
                if (!u(true, e, T, true)) {
                    if ("object" == GH((T = (g = B((Y = (e = (e = (Y = c(T), g = c(T), c(T)), a = c(T), B(T, e)), B(T, Y)), T), g), B(T, a)), Y))) {
                        for (h in a = [], Y) a.push(h);
                        Y = a
                    }
                    for (a = (e = 0 < e ? e : 1, h = 0, Y).length; h < a; h += e) g(Y.slice(h, (h | 0) + (e | 0)), T)
                }
            })), 171), function(T, e, g, h, a, Y, y, Q, m, Z, W, G) {
                function N(H, b) {
                    for (; y < H;) m |= P(T) << y, y += 8;
                    return b = m & (y -= H, (1 << H) - 1), m >>= H, b
                }
                for (G = (W = (Z = (h = (y = (g = c(T), m = 0), (N(3) | 0) + 1), N)(5), 0), Q = [], 0); G < Z; G++) Y = N(1), Q.push(Y), W += Y ? 0 : 1;
                for (G = (e = (W = ((W | 0) - 1).toString(2).length, []), 0); G < Z; G++) Q[G] || (e[G] = N(W));
                for (W = 0; W < Z; W++) Q[W] && (e[W] = c(T));
                for (a = []; h--;) a.push(B(T, c(T)));
                U(T, g, function(H, b, t, R, dn) {
                    for (b = (dn = (t = [], []), 0); b < Z; b++) {
                        if (!Q[R = e[b], b]) {
                            for (; R >= t.length;) t.push(c(H));
                            R = t[R]
                        }
                        dn.push(R)
                    }
                    H.j = qO(H, (H.D = qO(H, a.slice()), dn))
                })
            }), function(T, e, g, h, a) {
                (h = (e = B(T, (a = (h = c((g = c(T), T)), e = c(T), c)(T), g = B(T.h, g), a = B(T, a), e)), B(T, h)), 0 !== g) && (e = Wh(a, 1, T, e, g, h), g.addEventListener(h, e, O), d(T, 434, [g, h, e]))
            })), 102), function(T, e, g) {
                (g = B(T, (g = c((e = c(T), T)), g)), 0 != B(T, e)) && d(T, 411, g)
            }), d(D, 114, f(4)), function(T, e, g) {
                d(T, (e = c((g = c(T), T)), e), "" + B(T, g))
            })), D)), 15), function(T) {
                ZG(4, T)
            }), [TH])), D), [K, A]), [Q1, I])), true), true)
        },
        V = function(A, I, D, n, M, T) {
            if (!A.B) {
                if (3 < (I = B(A, (D = (M = B((n = void 0, I && I[0] === w && (D = I[1], n = I[2], I = void 0), A), 261), 0 == M.length && (T = B(A, 415) >> 3, M.push(D, T >> 8 & 255, T & 255), void 0 != n && M.push(n & 255)), ""), I && (I.message && (D += I.message), I.stack && (D += ":" + I.stack)), 424)), I)) {
                    A.h = (n = (D = il((I -= (D = D.slice(0, (I | 0) - 3), (D.length | 0) + 3), D)), A).h, A);
                    try {
                        S(L(2, D.length).concat(D), A, 114, 9)
                    } finally {
                        A.h = n
                    }
                }
                d(A, 424, I)
            }
        },
        ll = function(A, I, D, n, M) {
            (n = (D = c((M = A & 3, A &= 4, I)), c(I)), D = B(I, D), A) && (D = il("" + D)), M && S(L(2, D.length), I, n), S(D, I, n)
        },
        NO = function(A, I, D, n) {
            try {
                n = A[((I | 0) + 2) % 3], A[I] = (A[I] | 0) - (A[((I | 0) + 1) % 3] | 0) - (n | 0) ^ (1 == I ? n << D : n >>> D)
            } catch (M) {
                throw M;
            }
        },
        O = {
            passive: true,
            capture: true
        },
        sL = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        K = [],
        r = [],
        DG = ((E.prototype.uy = void 0, E.prototype).l = "toString", []),
        J = [],
        v = [],
        TH = [],
        w = (E.prototype.Ce = void 0, {}),
        Q1 = (E.prototype.Da = false, []),
        wn = [],
        Ph = (((((MO, function() {})(f), function() {})(NO), function() {})(Y0), E).prototype.V = "create", void 0),
        x = w.constructor,
        bl = (((((((X = E.prototype, X.Iz = function() {
            return Math.floor(this.Z + (this.H() - this.C))
        }, X.yZ = function(A, I, D, n, M, T) {
            for (T = [], D = n = 0; n < A.length; n++)
                for (M = M << I | A[n], D += I; 7 < D;) D -= 8, T.push(M >> D & 255);
            return T
        }, X).H = (window.performance || {}).now ? function() {
            return this.Hn + window.performance.now()
        } : function() {
            return +new Date
        }, X).gd = function(A, I, D, n, M) {
            for (M = n = 0; n < A.length; n++) M += A.charCodeAt(n), M += M << 10, M ^= M >> 6;
            return n = (A = (M += M << 3, M ^= M >> 11, M) + (M << 15) >>> 0, new Number(A & (1 << I) - 1)), n[0] = (A >>> I) % D, n
        }, X).o = function(A, I, D, n, M) {
            if (D = "array" === GH(D) ? D : [D], this.F) A(this.F);
            else try {
                M = !this.G.length, n = [], F(this, [J, n, D]), F(this, [v, A, n]), I && !M || C(this, true, I)
            } catch (T) {
                k(this, T), A(this.F)
            }
        }, X.TX = function() {
            return Math.floor(this.H())
        }, X.MK = function(A, I, D) {
            return ((I ^= I << 13, I ^= I >> 17, I = (I ^ I << 5) & D) || (I = 1), A) ^ I
        }, E).prototype.i = function(A, I) {
            return Ph = (A = (I = {}, {}), function() {
                    return I == A ? -22 : -12
                }),
                function(D, n, M, T, e, g, h, a, Y, y, Q, m, Z, W, G) {
                    I = (T = I, A);
                    try {
                        if (a = D[0], a == K) {
                            g = D[1];
                            try {
                                for (G = Q = (e = (m = [], atob)(g), 0); G < e.length; G++) W = e.charCodeAt(G), 255 < W && (m[Q++] = W & 255, W >>= 8), m[Q++] = W;
                                (this.A = (this.s = m, this).s.length << 3, d)(this, 394, [0, 0, 0])
                            } catch (N) {
                                V(this, N, 17);
                                return
                            }
                            ng(this, 8001)
                        } else if (a == J) D[1].push(B(this, 161).length, B(this, 437).length, B(this, 114).length, B(this, 424)), d(this, 141, D[2]), this.U[307] && gn(B(this, 307), 8001, this);
                        else {
                            if (a == v) {
                                M = L(2, ((m = D[2], B(this, 161).length) | 0) + 2), y = this.h, this.h = this;
                                try {
                                    h = B(this, 261), 0 < h.length && S(L(2, h.length).concat(h), this, 161, 10), S(L(1, this.J), this, 161, 109), S(L(1, this[v].length), this, 161), e = 0, n = B(this, 114), e -= (B(this, 161).length | 0) + 5, e += B(this, 100) & 2047, 4 < n.length && (e -= (n.length | 0) + 3), 0 < e && S(L(2, e).concat(f(e)), this, 161, 15), 4 < n.length && S(L(2, n.length).concat(n), this, 161, 156)
                                } finally {
                                    this.h = y
                                }
                                if (((G = f(2).concat(B(this, 161)), G)[1] = G[0] ^ 6, G)[3] = G[1] ^ M[0], G[4] = G[1] ^ M[1], Z = this.GX(G)) Z = "!" + Z;
                                else
                                    for (e = 0, Z = ""; e < G.length; e++) Y = G[e][this.l](16), 1 == Y.length && (Y = "0" + Y), Z += Y;
                                return d(this, 424, (B(this, (B(((Q = Z, B)(this, 161).length = m.shift(), this), 437).length = m.shift(), 114)).length = m.shift(), m.shift())), Q
                            }
                            if (a == DG) gn(D[1], D[2], this);
                            else if (a == r) return gn(D[1], 8001, this)
                        }
                    } finally {
                        I = T
                    }
                }
        }(), E.prototype).OH = 0, E.prototype.EH = 0, E.prototype).GX = function(A, I, D, n) {
            if (D = window.btoa) {
                for (I = "", n = 0; n < A.length; n += 8192) I += String.fromCharCode.apply(null, A.slice(n, n + 8192));
                A = D(I).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else A = void 0;
            return A
        }, /./),
        k0, rn = K.pop.bind((E.prototype[Q1] = [0, 0, 1, 1, 0, 1, 1], E.prototype[J])),
        EL = ((k0 = pg(E.prototype.V, (bl[E.prototype.l] = rn, {get: rn
        })), E.prototype).e5 = void 0, function(A, I) {
            return (I = I3()) && 1 === A.eval(I.createScript("1")) ? function(D) {
                return I.createScript(D)
            } : function(D) {
                return "" + D
            }
        })(q);
    40 < (l = q.botguard || (q.botguard = {}), l.m) || (l.m = 41, l.bg = Bh, l.a = a3), l.yDq_ = function(A, I, D) {
        return [(D = new E(A, I), function(n) {
            return Hh(n, D)
        })]
    };
}).call(this);
#2 JavaScript::Eval (size: 22) - SHA256: 94ad18c1a336e08a4bfce57073e3f008391b324ebf524e0e7069827f300b075d
0,
function(T) {
    UL(2, T)
}
#3 JavaScript::Eval (size: 15598) - SHA256: 5e98214e0abbdd815117694f4ba8fa352052ada859b5f327e5d5f65a3166d9a4
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var T = this || self,
        n = function(D, A) {
            if ((A = (D = null, T.trustedTypes), !A) || !A.createPolicy) return D;
            try {
                D = A.createPolicy("bg", {
                    createHTML: e,
                    createScript: e,
                    createScriptURL: e
                })
            } catch (I) {
                T.console && T.console.error(I.message)
            }
            return D
        },
        e = function(D) {
            return D
        };
    (0, eval)(function(D, A) {
        return (A = n()) && 1 === D.eval(A.createScript("1")) ? function(I) {
            return A.createScript(I)
        } : function(I) {
            return "" + I
        }
    }(T)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var u=function(A,I,D,n,M,T,e,g,h){if((D.J+=(((g=(M=(e=(h=(A||D.v++,0<D.R&&D.W&&D.FY&&1>=D.O&&!D.D&&!D.T&&(!A||1<D.Y-I))&&0==document.hidden,T=4==D.v)||h?D.H():D.u,e-D.u),M)>>14,D).I&&(D.I^=g*(M<<2)),D).h=g||D.h,g),T)||h)D.u=e,D.v=0;if(!h||e-D.C<D.R-(n?255:A?5:2))return false;return(d(D,411,(n=B(D,(D.Y=I,A?415:411)),D.A)),D.G).push([DG,n,A?I+1:I]),D.T=p,true},X,j0=function(A,I){return A[I]<<24|A[(I|0)+1]<<16|A[(I|0)+2]<<8|A[(I|0)+3]},B=function(A,I){if(A=A.U[I],void 0===A)throw[w,30,I];if(A.value)return A.create();return A.create(5*I*I+-98*I+-22),A.prototype},I3=function(A,I){if((I=q.trustedTypes,A=null,!I)||!I.createPolicy)return A;try{A=I.createPolicy("bg",{createHTML:Au,createScript:Au,createScriptURL:Au})}catch(D){q.console&&q.console.error(D.message)}return A},U=function(A,I,D){D[d(A,I,D),TH]=2796},gn=function(A,I,D,n){return B((d(D,((n=B(D,411),D.s)&&n<D.A?(d(D,411,D.A),e0(D,A)):d(D,411,A),ng(D,I),411),n),D),141)},hu=function(A,I,D,n,M,T){for(M=((D=(n=A[sL]||{},c(A)),n.qK=c(A),n).g=[],A).h==A?(P(A)|0)-1:1,I=c(A),T=0;T<M;T++)n.g.push(c(A));for(n.P=B(A,D);M--;)n.g[M]=B(A,n.g[M]);return n.UH=B(A,I),n},MO=function(A,I){(I.push(A[0]<<24|A[1]<<16|A[2]<<8|A[3]),I).push(A[4]<<24|A[5]<<16|A[6]<<8|A[7]),I.push(A[8]<<24|A[9]<<16|A[10]<<8|A[11])},Bh=function(A,I,D,n){function M(){}return n=a3(A,(D=void 0,function(T){M&&(I&&p(I),D=T,M(),M=void 0)}),!!I)[0],{invoke:function(T,e,g,h){function a(){D(function(Y){p(function(){T(Y)})},g)}if(!e)return e=n(g),T&&T(e),e;D?a():(h=M,M=function(){p((h(),a))})}}},Y0=function(A,I,D){if(3==A.length){for(D=0;3>D;D++)I[D]+=A[D];for(D=(A=[13,8,13,12,16,5,3,10,15],0);9>D;D++)I[3](I,D%3,A[D])}},e0=function(A,I){d(((A.fe.push(A.U.slice()),A).U[411]=void 0,A),411,I)},pg=function(A,I){return x[A](x.prototype,{floor:I,call:I,pop:I,propertyIsEnumerable:I,console:I,parent:I,length:I,document:I,prototype:I,replace:I,splice:I,stack:I})},E=function(A,I,D){D=this;try{ul(A,I,this)}catch(n){k(this,n),I(function(M){M(D.F)})}},q=this||self,o3=function(A,I){return(I=I.create().shift(),A.D).create().length||A.j.create().length||(A.D=void 0,A.j=void 0),I},a3=function(A,I,D,n){return(n=l[A.substring(0,3)+"_"])?n(A.substring(3),I,D):y1(A,I)},GH=function(A,I,D){if((D=typeof A,"object")==D)if(A){if(A instanceof Array)return"array";if(A instanceof Object)return D;if(I=Object.prototype.toString.call(A),"[object Window]"==I)return"object";if("[object Array]"==I||"number"==typeof A.length&&"undefined"!=typeof A.splice&&"undefined"!=typeof A.propertyIsEnumerable&&!A.propertyIsEnumerable("splice"))return"array";if("[object Function]"==I||"undefined"!=typeof A.call&&"undefined"!=typeof A.propertyIsEnumerable&&!A.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==D&&"undefined"==typeof A.call)return"object";return D},mt=function(A,I){return I=P(A),I&128&&(I=I&127|P(A)<<7),I},Wh=function(A,I,D,n,M,T){function e(){if(D.h==D){if(D.U){var g=[r,n,A,void 0,M,T,arguments];if(2==I)var h=C(D,false,(F(D,g),false));else if(1==I){var a=!D.G.length;F(D,g),a&&C(D,false,false)}else h=Xy(g,D);return h}M&&T&&M.removeEventListener(T,e,O)}}return e},c=function(A,I){if(A.D)return o3(A,A.j);return(I=z(A,8,true),I)&128&&(I^=128,A=z(A,2,true),I=(I<<2)+(A|0)),I},Xy=function(A,I,D,n,M){if((D=A[0],D)==J)I.X=25,I.i(A);else if(D==v){M=A[1];try{n=I.F||I.i(A)}catch(T){k(I,T),n=I.F}M(n)}else if(D==DG)I.i(A);else if(D==K)I.i(A);else if(D==Q1){try{for(n=0;n<I.N.length;n++)try{M=I.N[n],M[0][M[1]](M[2])}catch(T){}}catch(T){}(0,A[1])(function(T,e){I.o(T,true,e)},(I.N=[],function(T){F(I,(T=!I.G.length,[wn])),T&&C(I,false,true)}))}else{if(D==r)return n=A[2],d(I,103,A[6]),d(I,141,n),I.i(A);D==wn?(I.U=null,I.K=[],I.s=[]):D==TH&&"loading"===q.document.readyState&&(I.T=function(T,e){function g(){e||(e=true,T())}q.document.addEventListener("DOMContentLoaded",g,(e=false,O)),q.addEventListener("load",g,O)})}},P=function(A){return A.D?o3(A,A.j):z(A,8,true)},ng=function(A,I,D,n,M,T){if(!A.F){A.O++;try{for(T=void 0,D=0,M=A.A;--I;)try{if(n=void 0,A.D)T=o3(A,A.D);else{if(D=B(A,411),D>=M)break;T=B(A,(n=c((d(A,415,D),A)),n))}u(false,(T&&T[wn]&2048?T(A,I):V(A,[w,21,n],0),I),A,false)}catch(e){B(A,27)?V(A,e,22):d(A,27,e)}if(!I){if(A.Da){ng(A,(A.O--,342722082906));return}V(A,[w,33],0)}}catch(e){try{V(A,e,22)}catch(g){k(A,g)}}A.O--}},k=function(A,I){A.F=((A.F?A.F+"~":"E:")+I.message+":"+I.stack).slice(0,2048)},il=function(A,I,D,n,M){for(M=I=(A=A.replace(/\\r\\n/g,"\\n"),0),n=[];I<A.length;I++)D=A.charCodeAt(I),128>D?n[M++]=D:(2048>D?n[M++]=D>>6|192:(55296==(D&64512)&&I+1<A.length&&56320==(A.charCodeAt(I+1)&64512)?(D=65536+((D&1023)<<10)+(A.charCodeAt(++I)&1023),n[M++]=D>>18|240,n[M++]=D>>12&63|128):n[M++]=D>>12|224,n[M++]=D>>6&63|128),n[M++]=D&63|128);return n},Au=function(A){return A},qO=function(A,I,D){return(D=x[A.V](A.AG),D)[A.V]=function(){return I},D.concat=function(n){I=n},D},UL=function(A,I,D,n){for(n=(D=c(I),0);0<A;A--)n=n<<8|P(I);d(I,D,n)},ZG=function(A,I,D,n){S(L(A,(n=(D=c(I),c(I)),B(I,D))),I,n)},Hh=function(A,I,D){return I.o(function(n){D=n},false,A),D},L=function(A,I,D,n){for(D=(n=(A|0)-1,[]);0<=n;n--)D[(A|0)-1-(n|0)]=I>>8*n&255;return D},$0=function(A,I,D,n,M){for(n=0,M=A[2]|0,A=A[3]|0;14>n;n++)D=D>>>8|D<<24,D+=I|0,D^=M+2229,A=A>>>8|A<<24,I=I<<3|I>>>29,I^=D,A+=M|0,A^=n+2229,M=M<<3|M>>>29,M^=A;return[I>>>24&255,I>>>16&255,I>>>8&255,I>>>0&255,D>>>24&255,D>>>16&255,D>>>8&255,D>>>0&255]},S=function(A,I,D,n,M,T){if(I.h==I)for(T=B(I,D),114==D?(D=function(e,g,h,a){if(T.ne!=(h=(a=T.length,(a|0)-4>>3),h)){g=(h=(T.ne=h,h<<3)-4,[0,0,M[1],M[2]]);try{T.VZ=$0(g,j0(T,h),j0(T,(h|0)+4))}catch(Y){throw Y;}}T.push(T.VZ[a&7]^e)},M=B(I,352)):D=function(e){T.push(e)},n&&D(n&255),I=0,n=A.length;I<n;I++)D(A[I])},f=function(A,I){for(I=[];A--;)I.push(255*Math.random()|0);return I},C=function(A,I,D,n,M,T){if(A.G.length){A.W=!(A.FY=(A.W&&0(),D),0);try{n=A.H(),A.u=n,A.C=n,A.v=0,T=ch(A,D),M=A.H()-A.C,A.Z+=M,M<(I?0:10)||0>=A.X--||(M=Math.floor(M),A.K.push(254>=M?M:254))}finally{A.W=false}return T}},x0=function(A,I,D,n,M,T,e,g){return((T=x[(n=[10,(e=(M=Ph,A&7),-98),54,77,21,-31,n,51,-77,74],I).V](I.hG),T)[I.V]=function(h){e+=(g=h,6+7*A),e&=7},T).concat=function(h){return(h=(g=(h=+e- -5390*(h=D%16+1,D)*g+55*g*g-275*D*D*g- -1210*g+(M()|0)*h+n[e+19&7]*D*h-h*g+5*D*D*h,void 0),n[h]),n)[(e+45&7)+(A&2)]=h,n[e+(A&2)]=-98,h},T},z=function(A,I,D,n,M,T,e,g,h,a,Y,y,Q,m){if((h=B(A,411),h)>=A.A)throw[w,31];for(Q=(m=h,Y=(y=0,I),A.S5.length);0<Y;)n=m%8,e=m>>3,T=8-(n|0),T=T<Y?T:Y,M=A.s[e],D&&(g=A,g.S!=m>>6&&(g.S=m>>6,a=B(g,394),g.L=$0([0,0,a[1],a[2]],g.I,g.S)),M^=A.L[e&Q]),y|=(M>>8-(n|0)-(T|0)&(1<<T)-1)<<(Y|0)-(T|0),Y-=T,m+=T;return d(A,411,(h|(D=y,0))+(I|0)),D},ch=function(A,I,D,n){for(;A.G.length;){D=(A.T=null,A.G.pop());try{n=Xy(D,A)}catch(M){k(A,M)}if(I&&A.T){(I=A.T,I)(function(){C(A,true,true)});break}}return n},p=q.requestIdleCallback?function(A){requestIdleCallback(function(){A()},{timeout:4})}:q.setImmediate?function(A){setImmediate(A)}:function(A){setTimeout(A,0)},l,y1=function(A,I){return[(I(function(D){D(A)}),function(){return A})]},d=function(A,I,D){if(411==I||415==I)A.U[I]?A.U[I].concat(D):A.U[I]=qO(A,D);else{if(A.B&&394!=I)return;161==I||114==I||437==I||261==I||352==I?A.U[I]||(A.U[I]=x0(118,A,I,D)):A.U[I]=x0(121,A,I,D)}394==I&&(A.I=z(A,32,false),A.S=void 0)},F=function(A,I){A.G.splice(0,0,I)},ul=function(A,I,D,n,M){for(n=(M=((D.hG=pg((D.by=k0,D.kb=(D.S5=D[v],bl),D.V),{get:function(){return this.concat()}}),D).AG=x[D.V](D.hG,{value:{value:{}}}),[]),0);289>n;n++)M[n]=String.fromCharCode(n);C(D,(F(D,(F((F(D,(U(D,(d(D,239,(U(D,331,(U(D,(U(D,144,(U(D,(U(D,17,(U(D,(U(D,325,(d(D,161,[160,(d(D,(U(D,(D.sH=(U(D,(U(D,223,(d(D,424,(d(D,143,(U(D,(d(D,434,(d(D,352,(U(D,(U(D,194,(U(D,370,(d(D,437,(U(D,95,((U(D,154,(U((U(D,21,(U(D,(U(D,175,(U(D,129,(U(D,280,(d((d(D,100,(D.iy=(d(D,141,(U((U(D,(D.j5=(d(D,(d(D,(D.T=(D.FY=false,(D.O=0,D.G=[],D.D=(D.zX=function(T){this.h=T},D.B=false,D.C=0,void 0),(D.fe=[],D).j=(D.R=((D.F=void 0,D).J=1,0),n=(D.W=false,D.X=25,window.performance||{}),D.N=[],(D.h=D,D).L=void 0,(D.QZ=0,D.Z=0,D.s=[],D).S=((D.Y=8001,D).v=void 0,void 0),D.U=[],void 0),D.A=(D.u=(D.K=[],0),0),D).I=void 0,D.Hn=n.timeOrigin||(n.timing||{}).navigationStart||0,null),411),0),415),0),0),U(D,483,function(){}),360),function(T,e,g,h){h=(e=B(T,(g=(h=(e=c(T),c(T)),c(T)),e)),B(T,h)),d(T,g,e in h|0)}),D),202,function(T,e,g,h){d(T,(g=B(T,(h=B(T,(e=(h=c((g=c(T),T)),c(T)),h)),g))==h,e),+g)}),{})),0),0)),D),27,438),function(T,e,g,h,a){for(h=c(T),g=mt(T),a=[],e=0;e<g;e++)a.push(P(T));d(T,h,a)})),function(T,e,g,h,a,Y){u(true,e,T,false)||(g=hu(T.h),e=g.qK,h=g.UH,Y=g.g,a=Y.length,g=g.P,h=0==a?new h[g]:1==a?new h[g](Y[0]):2==a?new h[g](Y[0],Y[1]):3==a?new h[g](Y[0],Y[1],Y[2]):4==a?new h[g](Y[0],Y[1],Y[2],Y[3]):2(),d(T,e,h))})),function(T,e,g,h){if(e=T.fe.pop()){for(g=P(T);0<g;g--)h=c(T),e[h]=T.U[h];T.U=(e[424]=(e[261]=T.U[261],T.U)[424],e)}else d(T,411,T.A)})),127),function(T,e,g,h){!u(true,e,T,false)&&(e=hu(T),g=e.P,h=e.UH,T.h==T||g==T.zX&&h==T)&&(d(T,e.qK,g.apply(h,e.g)),T.u=T.H())}),function(T,e,g,h,a,Y,y){for(Y=(h=(g=mt((e=c(T),T)),a="",y=B(T,322),y.length),0);g--;)Y=((Y|0)+(mt(T)|0))%h,a+=M[y[Y]];d(T,e,a)})),D),336,function(T){ll(4,T)}),function(T,e){e0((e=B(T,c(T)),T.h),e)})),U(D,69,function(T){ll(3,T)}),U)(D,6,function(T,e,g){d(T,(g=GH((g=B(T,(g=c(T),e=c(T),g)),g)),e),g)}),function(T,e,g,h,a){d(T,(e=B(T,(h=B((a=B(T,(a=(e=c((h=c((g=c(T),T)),T)),c(T)),a)),T),h),e)),g),Wh(e,a,T,h))})),[])),function(T){ZG(1,T)})),function(T,e,g,h){(h=c((e=(g=c(T),P(T)),T)),d)(T,h,B(T,g)>>>e)})),201),function(T,e,g,h){d(T,(g=B(T,(e=B(T,(e=c(T),h=c(T),e)),h)),h),g+e)}),[0,0,0])),0)),151),function(T,e,g,h){(h=(e=c(T),c)(T),g=c(T),T).h==T&&(g=B(T,g),h=B(T,h),B(T,e)[h]=g,394==e&&(T.S=void 0,2==h&&(T.I=z(T,32,false),T.S=void 0)))}),q)),2048)),function(T,e,g,h){d(T,(e=(h=c((g=c(T),T)),c(T)),e),B(T,g)||B(T,h))})),215),function(T,e,g){u(true,e,T,false)||(e=c(T),g=c(T),d(T,g,function(h){return eval(h)}(EL(B(T.h,e)))))}),0),86),function(T,e,g,h){g=B(T,(e=c((g=c(T),T)),h=c(T),g)),e=B(T,e),d(T,h,g[e])}),261),[]),0),0]),function(T,e){T=B((e=c(T),T).h,e),T[0].removeEventListener(T[1],T[2],O)})),145),function(T){UL(4,T)}),function(T,e,g,h,a,Y){if(!u(true,e,T,true)){if("object"==GH((T=(g=B((Y=(e=(e=(Y=c(T),g=c(T),c(T)),a=c(T),B(T,e)),B(T,Y)),T),g),B(T,a)),Y))){for(h in a=[],Y)a.push(h);Y=a}for(a=(e=0<e?e:1,h=0,Y).length;h<a;h+=e)g(Y.slice(h,(h|0)+(e|0)),T)}})),171),function(T,e,g,h,a,Y,y,Q,m,Z,W,G){function N(H,b){for(;y<H;)m|=P(T)<<y,y+=8;return b=m&(y-=H,(1<<H)-1),m>>=H,b}for(G=(W=(Z=(h=(y=(g=c(T),m=0),(N(3)|0)+1),N)(5),0),Q=[],0);G<Z;G++)Y=N(1),Q.push(Y),W+=Y?0:1;for(G=(e=(W=((W|0)-1).toString(2).length,[]),0);G<Z;G++)Q[G]||(e[G]=N(W));for(W=0;W<Z;W++)Q[W]&&(e[W]=c(T));for(a=[];h--;)a.push(B(T,c(T)));U(T,g,function(H,b,t,R,dn){for(b=(dn=(t=[],[]),0);b<Z;b++){if(!Q[R=e[b],b]){for(;R>=t.length;)t.push(c(H));R=t[R]}dn.push(R)}H.j=qO(H,(H.D=qO(H,a.slice()),dn))})}),function(T,e,g,h,a){(h=(e=B(T,(a=(h=c((g=c(T),T)),e=c(T),c)(T),g=B(T.h,g),a=B(T,a),e)),B(T,h)),0!==g)&&(e=Wh(a,1,T,e,g,h),g.addEventListener(h,e,O),d(T,434,[g,h,e]))})),102),function(T,e,g){(g=B(T,(g=c((e=c(T),T)),g)),0!=B(T,e))&&d(T,411,g)}),d(D,114,f(4)),function(T,e,g){d(T,(e=c((g=c(T),T)),e),""+B(T,g))})),D)),15),function(T){ZG(4,T)}),[TH])),D),[K,A]),[Q1,I])),true),true)},V=function(A,I,D,n,M,T){if(!A.B){if(3<(I=B(A,(D=(M=B((n=void 0,I&&I[0]===w&&(D=I[1],n=I[2],I=void 0),A),261),0==M.length&&(T=B(A,415)>>3,M.push(D,T>>8&255,T&255),void 0!=n&&M.push(n&255)),""),I&&(I.message&&(D+=I.message),I.stack&&(D+=":"+I.stack)),424)),I)){A.h=(n=(D=il((I-=(D=D.slice(0,(I|0)-3),(D.length|0)+3),D)),A).h,A);try{S(L(2,D.length).concat(D),A,114,9)}finally{A.h=n}}d(A,424,I)}},ll=function(A,I,D,n,M){(n=(D=c((M=A&3,A&=4,I)),c(I)),D=B(I,D),A)&&(D=il(""+D)),M&&S(L(2,D.length),I,n),S(D,I,n)},NO=function(A,I,D,n){try{n=A[((I|0)+2)%3],A[I]=(A[I]|0)-(A[((I|0)+1)%3]|0)-(n|0)^(1==I?n<<D:n>>>D)}catch(M){throw M;}},O={passive:true,capture:true},sL=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),K=[],r=[],DG=((E.prototype.uy=void 0,E.prototype).l="toString",[]),J=[],v=[],TH=[],w=(E.prototype.Ce=void 0,{}),Q1=(E.prototype.Da=false,[]),wn=[],Ph=(((((MO,function(){})(f),function(){})(NO),function(){})(Y0),E).prototype.V="create",void 0),x=w.constructor,bl=(((((((X=E.prototype,X.Iz=function(){return Math.floor(this.Z+(this.H()-this.C))},X.yZ=function(A,I,D,n,M,T){for(T=[],D=n=0;n<A.length;n++)for(M=M<<I|A[n],D+=I;7<D;)D-=8,T.push(M>>D&255);return T},X).H=(window.performance||{}).now?function(){return this.Hn+window.performance.now()}:function(){return+new Date},X).gd=function(A,I,D,n,M){for(M=n=0;n<A.length;n++)M+=A.charCodeAt(n),M+=M<<10,M^=M>>6;return n=(A=(M+=M<<3,M^=M>>11,M)+(M<<15)>>>0,new Number(A&(1<<I)-1)),n[0]=(A>>>I)%D,n},X).o=function(A,I,D,n,M){if(D="array"===GH(D)?D:[D],this.F)A(this.F);else try{M=!this.G.length,n=[],F(this,[J,n,D]),F(this,[v,A,n]),I&&!M||C(this,true,I)}catch(T){k(this,T),A(this.F)}},X.TX=function(){return Math.floor(this.H())},X.MK=function(A,I,D){return((I^=I<<13,I^=I>>17,I=(I^I<<5)&D)||(I=1),A)^I},E).prototype.i=function(A,I){return Ph=(A=(I={},{}),function(){return I==A?-22:-12}),function(D,n,M,T,e,g,h,a,Y,y,Q,m,Z,W,G){I=(T=I,A);try{if(a=D[0],a==K){g=D[1];try{for(G=Q=(e=(m=[],atob)(g),0);G<e.length;G++)W=e.charCodeAt(G),255<W&&(m[Q++]=W&255,W>>=8),m[Q++]=W;(this.A=(this.s=m,this).s.length<<3,d)(this,394,[0,0,0])}catch(N){V(this,N,17);return}ng(this,8001)}else if(a==J)D[1].push(B(this,161).length,B(this,437).length,B(this,114).length,B(this,424)),d(this,141,D[2]),this.U[307]&&gn(B(this,307),8001,this);else{if(a==v){M=L(2,((m=D[2],B(this,161).length)|0)+2),y=this.h,this.h=this;try{h=B(this,261),0<h.length&&S(L(2,h.length).concat(h),this,161,10),S(L(1,this.J),this,161,109),S(L(1,this[v].length),this,161),e=0,n=B(this,114),e-=(B(this,161).length|0)+5,e+=B(this,100)&2047,4<n.length&&(e-=(n.length|0)+3),0<e&&S(L(2,e).concat(f(e)),this,161,15),4<n.length&&S(L(2,n.length).concat(n),this,161,156)}finally{this.h=y}if(((G=f(2).concat(B(this,161)),G)[1]=G[0]^6,G)[3]=G[1]^M[0],G[4]=G[1]^M[1],Z=this.GX(G))Z="!"+Z;else for(e=0,Z="";e<G.length;e++)Y=G[e][this.l](16),1==Y.length&&(Y="0"+Y),Z+=Y;return d(this,424,(B(this,(B(((Q=Z,B)(this,161).length=m.shift(),this),437).length=m.shift(),114)).length=m.shift(),m.shift())),Q}if(a==DG)gn(D[1],D[2],this);else if(a==r)return gn(D[1],8001,this)}}finally{I=T}}}(),E.prototype).OH=0,E.prototype.EH=0,E.prototype).GX=function(A,I,D,n){if(D=window.btoa){for(I="",n=0;n<A.length;n+=8192)I+=String.fromCharCode.apply(null,A.slice(n,n+8192));A=D(I).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else A=void 0;return A},/./),k0,rn=K.pop.bind((E.prototype[Q1]=[0,0,1,1,0,1,1],E.prototype[J])),EL=((k0=pg(E.prototype.V,(bl[E.prototype.l]=rn,{get:rn})),E.prototype).e5=void 0,function(A,I){return(I=I3())&&1===A.eval(I.createScript("1"))?function(D){return I.createScript(D)}:function(D){return""+D}})(q);40<(l=q.botguard||(q.botguard={}),l.m)||(l.m=41,l.bg=Bh,l.a=a3),l.yDq_=function(A,I,D){return[(D=new E(A,I),function(n){return Hh(n,D)})]};}).call(this);'));
}).call(this);
#4 JavaScript::Eval (size: 4) - SHA256: 7d4c1271a755dfd5e14270393e1d7380055a4f27db2868e1b49a02b4d1083a68
3297
#5 JavaScript::Eval (size: 22) - SHA256: 76fa5194b42930d151e7569cc0b9f77ea02344fef8104bda49d4318b5b438698
0,
function(T) {
    UL(1, T)
}
#6 JavaScript::Eval (size: 60) - SHA256: dcbc8087c9f3488411409f0a3c9069e6a40b27851598c7a72361e97785aa874d
0,
function(T, e, g) {
    d(T, (g = c(T), e = c(T), g = T.U[g] && B(T, g), e), g)
}

Executed Writes (0)


HTTP Transactions (119)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: www.claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         151.101.130.159
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Connection: keep-alive
Content-Length: 162
Location: https://claimwell.com/
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: ogapwyqe2r
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Sun, 13 Nov 2022 21:55:08 GMT
X-Served-By: cache-bma1676-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1668376508.002122,VS0,VE1
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9316
Expires: Mon, 14 Nov 2022 00:30:24 GMT
Date: Sun, 13 Nov 2022 21:55:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2463
Cache-Control: max-age=134236
Date: Sun, 13 Nov 2022 21:55:08 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 11:12:24 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 13 Nov 2022 21:44:26 GMT
cache-control: public,max-age=3600
age: 642
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4736bac84ca28f2b1e961159fb4ea098
Sha1:   1319612979f53896fcfeacd4215c2715d4951e4c
Sha256: 5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3890
Expires: Sun, 13 Nov 2022 22:59:58 GMT
Date: Sun, 13 Nov 2022 21:55:08 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: WwK7Hd+DARlCni/J3Vlw8x++uesA0ysNO+RPlVLocVrXSLiNgMsW720J0yqWx3Sb/jb2zob3Ebw=
x-amz-request-id: PF54TGGX4H0WXFKS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 13 Nov 2022 21:50:50 GMT
age: 258
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET / HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
link: <https://claimwell.com/wp-json/>; rel="https://api.w.org/", <https://claimwell.com/wp-json/wp/v2/pages/3890>; rel="alternate"; type="application/json", <https://claimwell.com/>; rel=shortlink
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.314126,VS0,VE1
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 47352
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8489)
Size:   47352
Md5:    6102ac1da6a67ada31d6807ed0e826f8
Sha1:   be4a2a1b6fccde5a76e28239a7970d540957efed
Sha256: 9d18ae13d80d8f9d26a13172baf2821771c6eaf6af0046c094e1acd527e8941c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 13 Nov 2022 21:55:08 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:50:53 GMT
etag: W/"635716cd-cc9c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.465178,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10150
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (52279)
Size:   10150
Md5:    327656c6623189eb218b3a05b4a7ac28
Sha1:   021dce514a3506e9fcb547cbbcb6ceb08df69c4b
Sha256: 6fd36dfdab0fd0e28e65ff4818da4820c6acb6e9597ca17ef6e931ba853cba29

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-d147"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.465519,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8578
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8578
Md5:    6dbc0f0655775fc588d0784519520f25
Sha1:   74db90c46ed1888978b16eb4d6505a64d2d29889
Sha256: 96cb95468d35fd20563225b3838ab15c7a12a18f03e8b87d1ce0235b6d722dfb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/css/global.css?ver=1666651795 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-656"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.465978,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1621)
Size:   321
Md5:    e42d16a433ebd4cfc77d6fb73dfaff9c
Sha1:   701b9f69df90a90570e72da552218fe9695cdf13
Sha256: 6eaa3417104d1fe73f61c14b4f46e5663b7b2a3babd76109ec504681ae280f00
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.466402,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   13906
Md5:    1047dd6779111ec73736abd71a40fef9
Sha1:   e08643922ce9a1a488f2a72c0341807f59f7528e
Sha256: d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf
                                        
                                            GET /wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-308"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.467096,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 335
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   335
Md5:    844db2405eae764da7a0eff19010ea8e
Sha1:   1fffb2a992d9fa84f0ea5a7afcbbdefbc59e238c
Sha256: 6421a7f673a09c660f6de4c37a4ac770239bac9ad46b87c75fdee466f09553c8
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-35ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.468152,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 967
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   967
Md5:    85c186d70976153b68df9fac46944882
Sha1:   ffc8003843cfdb2e6062cf4289d8db213b7497c7
Sha256: 519b04684c2ced5330630bdf9a688c3dfb26c3a9677064a3384c49cc224c2d02
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-27687"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.468533,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23565
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   23565
Md5:    3c3a7fde2c8c53f39bc2291f6abf140d
Sha1:   73ec7f561448784f9776dd954b7e9e0b8b8b82a5
Sha256: da82ebd0bf834cfa45fc99db134763c67f27c4c756201288ae52ea686c4c18df

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-d69"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.469350,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 876
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3432)
Size:   876
Md5:    1485a50ba7eb9b0552c47212ac9e1f8d
Sha1:   20114142c5961b11782d0473d7eddbb5ea2fe857
Sha256: 036dc37c7c15dd4c5666eb283a674fe5eab437db700916680cdc59082b40810e
                                        
                                            GET /wp-content/uploads/essential-addons-elementor/eael-3890.css?ver=1631176832 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:58:08 GMT
etag: W/"63571880-43e1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.469719,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3026
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10267)
Size:   3026
Md5:    1ef8868a44fece784ed2780ecaf78d91
Sha1:   17cc90c5114099adf7e697a198376cdb8089297d
Sha256: e9d84688dee5ffb6ae0ae3ed482ba082ee7a710c26b066cd2b977fa27ab2462a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-4b4f"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.470349,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4343
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19233)
Size:   4343
Md5:    604fd8fa6bb661c05803395e60da945e
Sha1:   5026347d7d843b0cf1d969674dcce39fa798f1f6
Sha256: 1cde42ac7a1ff03a443a2ab4d73fefc03c962aea0f9f3745256d9f3eef2d1d8b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479742,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 312
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (483)
Size:   312
Md5:    1a5f57a3c279130e5385dc23c63480ca
Sha1:   495d0b9326b42d552932276b815779bbc09d7083
Sha256: 6f5b533f1629e50e5fe7e2e9ede37072b0f9d65e439d0d56d43daa4373d1d745

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e238"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479767,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13975
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57726)
Size:   13975
Md5:    2f0b07689b34366c1b04e9c84cc2b54c
Sha1:   0a49469573f7add891658c75253a4b68953925e5
Sha256: 6bddc997475f4020265128478b59384b44792a0f986d6a04cd79722b99f2f55f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-13c18"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479903,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10454
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   10454
Md5:    66108675e6ad3f63704e02654048874c
Sha1:   14c327d135aab85d7a9e0ab0b5873083eca7f0d0
Sha256: f0c5bd1483c4986014973afd3f1fbcb8aaf750a4b560608c7cb8e6a06efd5659

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-3890.css?ver=1667319926 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:25:26 GMT
etag: W/"63614876-c13b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479929,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4867
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (49467), with no line terminators
Size:   4867
Md5:    9dae52c44237edf9b84b46bff73adc4c
Sha1:   97b3af59ccef18bd6674adcf61b285ff1b29f8f0
Sha256: ee1a695e0b5a07871958b3bd1b53aa575fcac14cd0a3a88fe3904c96af0c8285

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:26:21 GMT
etag: W/"636148ad-85b2"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479867,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3119
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11072)
Size:   3119
Md5:    925a76356addac87430f5bbb1a45a575
Sha1:   cf44e04548456d25eb9af9d884a56c072eb1d468
Sha256: e4d6e25f69067d9a972e15e1e39f49b8641d9b236faf99237298f3bef26d115f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-684e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479966,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4632
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26516)
Size:   4632
Md5:    374f31e96b90b8ae2792847d6f03ad7a
Sha1:   70735fd696d11f13de395e43c81b026d9c86528e
Sha256: 1192a2e289e37356ef9077427b1cd1ca3b950dd95f163459bc9c16f679989088

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-4c6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479872,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 456
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   456
Md5:    ed50d0b8f686c12f99af00f219a76b85
Sha1:   fab2c67ea39365dde11acbeda939187db4eedb8b
Sha256: 98c0713ed54c191d8a0868b6a6f103b133a81c2593758ed71cabcbb700423106

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-127a4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479880,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9576
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   9576
Md5:    eedfe054bcb463863781057ab6f69abb
Sha1:   448c2e7bab71dc8312c51536855e702b0eb9c515
Sha256: 88d7bd229f33e561df4a16846334228f0183334ab25813ee8022bd4fdb045867

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-7917"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479856,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7780
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   7780
Md5:    73e38ca778aab03265ab5c8c5922b3d3
Sha1:   d55aa22c1227719a6a5239b5f2c0251fc563d7e0
Sha256: 0d49cde3035dbb3baf30ac0e801b8a21175072224f0192675dabeda3b7159814

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/css/app.css?ver=1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-44269"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479811,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 54340
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64784)
Size:   54340
Md5:    b2a3c4cd86a0bb706664510786d694e9
Sha1:   a7a2630965f395757ed0103d2567277947475b03
Sha256: 70f9fc283cde3260f98401c7aea5dafa6dba243a6b9f6fa6131f611a430c3f27
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2a5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.480156,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 310
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (491)
Size:   310
Md5:    c62d5dcd85da44a1dfb134f50da09157
Sha1:   7ad9087d70136a8e584331db02048d13f8b95e82
Sha256: ab305466b8f11236d52c021823260b82c195c627e6323e7079a8a7c733335f03
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e7d0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.479978,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14284
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   14284
Md5:    25b37bc500e807c9f09d41f36d06a3ad
Sha1:   008541e3bc221a9e0cfa873248ee4dc05b563d8e
Sha256: 1033a30450338e77b9c322f9ae9ad68b50f801272bef293933d6135f9126aa13

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-465.css?ver=1667319843 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:24:03 GMT
etag: W/"63614823-6be"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.480016,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 473
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1726), with no line terminators
Size:   473
Md5:    2c31fb561e68949df39926d64829cbc0
Sha1:   1708a86fd4b7a328222cc257e0152a4b4c52acd4
Sha256: 5fbd8f2754092f0c96ddf8c4df98a2f4b303ef07fa7cb3f197d1b0a195127847
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.480537,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 311
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (489)
Size:   311
Md5:    c58b23e189e3c7cf45cb7014e704d05b
Sha1:   e6850968edf763aafe862a226a0a3380f4827488
Sha256: 6ba81ab0941a10e6bb1a48b83f30ddaedba974c6609bec7210d9a27e4b3ef38d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-78bee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.480039,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 53064
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   53064
Md5:    43cb961ce14b870c73851b62422e1969
Sha1:   796c81ab818410e4f123d7791c869bb4f091c5a3
Sha256: 6abf269f3316b1f09660d9408aafd7601f07d987ea20156fe7f1db5396745ed4
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.481342,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   34060
Md5:    22b0253c0ecce70e41e296d176b0d972
Sha1:   a161c363d2092739db21bfeb2cf23c980ec71580
Sha256: 181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.483409,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4405
Md5:    24957bc8161f979c6e661f46fdc3974f
Sha1:   fa1237ffe8b3745baa78ac481239038e133fcc17
Sha256: 46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-3acf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.484420,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4631
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14869)
Size:   4631
Md5:    499ded81ca80920c1b3521598e259548
Sha1:   d6b47dce6475ee2b47e16ee211efab0e65b665ca
Sha256: b7e9f78215fd2ffd092c2c5c456ade5e3f293b6411f6279caf40e3fb247b8fe1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-4824"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.491692,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2945
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10019)
Size:   2945
Md5:    6a41a891222b20ffa888a263dadd9541
Sha1:   0a60e8f24954286903a61455c3b5dee0aed7893e
Sha256: 66f99b0608e47e9e1ecd50287f529a11b830d7e561b52da7f697fd91d7995db0
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-1f4e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.491776,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8014), with no line terminators
Size:   3000
Md5:    44cf56521abf6feb68df54afd572fba9
Sha1:   a5ba5bfd8c5fef35992d180830102c2e208713fb
Sha256: 8c5ab0acb7b0de7851ab139751ca2b8f2c3a042d1b74eeb593047199c0e5d0fb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/essential-addons-elementor/eael-3890.js?ver=1631176832 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:58:08 GMT
etag: W/"63571880-838"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.492532,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 868
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2104), with no line terminators
Size:   868
Md5:    bec8f4b34456c4c3dcbf4937bbda8d8a
Sha1:   7f2093800079cf133a01ed4bd2684328582ea59b
Sha256: 1bee1a4a3c209617ad7f3cf6170a5fba8357e4f70ad621423a8c534dc0e22714

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2021/03/dollar-sign-circle.svg HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/svg+xml
                                        
last-modified: Mon, 22 Nov 2021 21:01:41 GMT
etag: W/"619c0535-5f5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.491328,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 801
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1525), with no line terminators
Size:   801
Md5:    e055afed172f07444a8754dd14ead516
Sha1:   3e6a2e9cb46e8f5ab04b1059b99ad8d04e43606e
Sha256: 5c5aaad0fbd414b6f7e5cd22ea20529c63ecd827c019f5675d6b1ff9de8e8205

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2fa6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.493233,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3281
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12198), with no line terminators
Size:   3281
Md5:    e7e06a56acbe48a5e94540829d446734
Sha1:   a62e3d7ea0dbd0a3e771f419377882aee5512e67
Sha256: 42ba07f11715edb58a365296c32ae85230bb28f164a34f561f295cbceb1f5981
                                        
                                            GET /wp-content/uploads/2020/12/RRE-Ventures.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:02:00 GMT
etag: W/"619c0548-1e6d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.490844,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6770
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 900 x 600, 8-bit colormap, non-interlaced\012- data
Size:   6770
Md5:    ca7f4f0b097551d79d49369a5f034f1a
Sha1:   d3875cc8c88a254cc544fe0da10d4f9eea096376
Sha256: cfbe866f18aa9783cf6ee684d887e71292bff73f50fa73329a0a559a0bd621fc
                                        
                                            GET /wp-content/uploads/2020/12/Claimwell-Logo-Transparent-Large-1.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:02:00 GMT
etag: W/"619c0548-1bcee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376508.490791,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 104230
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2306 x 424, 8-bit/color RGBA, non-interlaced\012- data
Size:   104230
Md5:    f7e79308d3875abb64a47fc691a973af
Sha1:   eefa4db91c9cb04f7c0cf7b484a4c915b7dd1cac
Sha256: e07c06550c47f509ce42913360241e96cfddb1c085cbb7a9133e4e8b742a7c58
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-6384"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.558081,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4154
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4154
Md5:    fcddc76226a5d9daa33fa13cfd81a0dc
Sha1:   8204598ef91c5dd506ea28b13b2ee1826b115b3d
Sha256: 439623cc1a6b45a494093b92c6a5ae0a85cb7e2bbb46f7573ddf9a89a8161e18
                                        
                                            GET /wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-2b02"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.560349,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3261
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3261
Md5:    aa423480c0248f90c164e37b73c1b1a5
Sha1:   ceb372bc26ddb3bd72a3a3beb5f6bf8f91df15da
Sha256: d87417f4e43bd80bbe3f6ed9973ebe7b7e25c5d425b479e088f767099cb43d3b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-1d211"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.560440,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 35932
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   35932
Md5:    8fabaacc1c210aec94b2224eb0434878
Sha1:   54e630b5711d880f85b9640f04df89d9d200cef9
Sha256: a2f4874e50eee01e2623ed6f20737b3e9207627d45a5ba16977ccdedd65d96f3
                                        
                                            GET /wp-content/themes/stratusx/assets/js/main.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-2a55"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.560601,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3808
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   3808
Md5:    c72620fb8f97d6bcf2e405ed3e3e6ab7
Sha1:   eb51b8f6f793f0e19996870943f7a7933e2ee6a6
Sha256: 582b18057eb11108c5082817e9f3a6857afb6f6d7e76f92407a1d94df5e0b06d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-709"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.560705,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 766
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1801), with no line terminators
Size:   766
Md5:    d050f456fb3f3eca90330ceb0589fdb8
Sha1:   4ef5b7af377ec4750713019e9fd07a618805971e
Sha256: d8ff1d2961e2c14d53dc5c32541e9ee2cd0addd6aa84958d6f24a6bd3c3d8d2d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.560820,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1946
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5477)
Size:   1946
Md5:    fcf12c7d3f5778470877aff26bdb3040
Sha1:   b8cc6b30eb49ef014651e6f22e4a33b74a3fde1e
Sha256: 2b6a1c6d97acd8b8f1460d8e4acbac8f911aa950c482ab794888f40c63fb2d6f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-6272"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.561415,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7921
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25115)
Size:   7921
Md5:    980e80ed6ddbdc9807aea533c70bb286
Sha1:   5740cc3f4f32e6c07083b160e5e729ddca90b634
Sha256: 4a8490c04d4be66e5bb053e8f9483484cb5c798f93ef06f9f94aade11aa47533

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-1472"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.561572,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2439
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5191)
Size:   2439
Md5:    9a1f831972cf36eee6e2db70b9700bc4
Sha1:   0b5cbaed4bbae8e325a10b66afb502d025f7a297
Sha256: fdfd0da5acc22a7dae57774bbee36b0c85ba3c7a6f4fab18a1773ccb1e17fe89
                                        
                                            GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-135d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.561645,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2252
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4918)
Size:   2252
Md5:    9f4f8167378b3647579db7fdcd32222c
Sha1:   f39aed2f852126793181def8995a2f775b01e909
Sha256: 6e6e245457169f9ef416988e1569a55f965c750dda363ae567bd285a076ea6c9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-80b3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.561717,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 11599
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32907)
Size:   11599
Md5:    85b9957cfe29d6b964ee7d5fe7a721e5
Sha1:   2a7ceee62c538ed2cf691c1a63c1b39e86f45642
Sha256: eb64e609ea8c352fee372f74c1cea32033a25051f1d3fd41d0dd57a6f199f786

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-194b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.561946,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2581
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6475), with no line terminators
Size:   2581
Md5:    cba765ca076cb13c7678f0293fb8a3da
Sha1:   98430a0a3db9c19a16f6940750a6738c4d00f962
Sha256: f68a3fba394baf3508e7987049a6037d9f3e212dc9698976df9fbeb5703379ab

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-4ac6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.562078,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7559
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Size:   7559
Md5:    2059fe073bfc62ce84fe8fc1f42d35a9
Sha1:   68038ff5383ffde15542f57782d7a53c8de8bb48
Sha256: 543dbc6a5dd60032fb9d74beef1f7ac5f6cee543b6422b1f0928b9001d050eb8
                                        
                                            GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-132e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1668376509.563014,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1736
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4875)
Size:   1736
Md5:    13d536181f99675ef7d13d91c86c24dd
Sha1:   c30ec279027b1dc05df149f3953b384f50a72a05
Sha256: 1192c8ec0e73df274d3ffb2302091f67d2a4fc15200a6fd138661dfd7cc2f222

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-27ee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1668376509.564282,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4059
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4059
Md5:    feb20fa17603ebf83bd29bb99298c82f
Sha1:   1944c6bf9ad5f4283fcb221ada39438b8528f5a2
Sha256: eeffaf3cad83f30cadd4a89d66fcc4ea8e929330625ab40c6ac8a651e41eb595

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-54a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.570582,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6308
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21624)
Size:   6308
Md5:    327334f1610e7beca3db87254e141ede
Sha1:   88aad29b5322ece8aa9c63c72d8a25e4744acf3c
Sha256: cecef52015c8fd37983e2e1afab16a577ebd4c1c0fbd6b073a58be6f43c46c52

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-50eb"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.570656,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7442
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8189)
Size:   7442
Md5:    7070cf6c839a09af2a84f926dd2f95e1
Sha1:   2ac5f6312b4cc85f39804d4a61eeb00c2cced58e
Sha256: ed584ebba9826c2d9fb5078ca275ce47d05b2a9a1f075e7493526fe7fe458c4c
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-21f91"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.645612,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 40188
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65280)
Size:   40188
Md5:    9ed258a936a3d2ce45e94a8db42f9d31
Sha1:   6165e240ceb0f3dffff99e006e4bde5a5039cc9e
Sha256: 2a21ec91e4a5790ad487670a13f80e62d6d17b6725d13d0e23c33e10ddda2311
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29ba"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.655481,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3713
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10544)
Size:   3713
Md5:    79154440db11a2fce12d7466816f540b
Sha1:   6936f61c5ec9b0fbb2c22f5b0360144200eee413
Sha256: f380628bae09ae5f189c9a3beadacd7e0f39606d086476bc21f76c8d69fef241
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-9e41"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.675788,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13240
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40474)
Size:   13240
Md5:    4f77ab858523d1d3443d76a569cea6d2
Sha1:   eebca9a6d6c00a7f0db1f14678e3d2598de09ab1
Sha256: 11109fd617951d02cbaccfd9cc2773f0161e41d34169102b330051d23d280f25
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-21fe5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.675874,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 37202
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   37202
Md5:    02340f930982274cf203bd5faafd5718
Sha1:   8851158863d9a0636a8ced3a5fb4ec60127b4358
Sha256: a8e15d355da011379d9c28885e968aa40da870b1fc3603d96c7e5044a3307da6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-a884"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.681567,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14251
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43101)
Size:   14251
Md5:    cc1be579a6292ef0bfc7d812f432b738
Sha1:   5592e611fce34c3936a392d9a879476574569bf2
Sha256: 460826e1e23dda3d67c25eaa1ff89a4054f345cfdc60a6e6aecd433bdca1ba09
                                        
                                            GET /gtag/js?id=UA-207882829-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Nov 2022 21:55:08 GMT
expires: Sun, 13 Nov 2022 21:55:08 GMT
cache-control: private, max-age=900
last-modified: Sun, 13 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43680
Md5:    7946ae6e272e9198e8f3bad80b04a79a
Sha1:   0a5617aedd0a2e206e1ac87850528ef1b501293c
Sha256: 0ecc925a2b0eddbcc7b014ba46853024b24ea7590dfa90d6afc653971e31a32c
                                        
                                            GET /recaptcha/api.js?render=explicit&ver=3.8.0 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Sun, 13 Nov 2022 21:55:08 GMT
date: Sun, 13 Nov 2022 21:55:08 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 555
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (852), with no line terminators
Size:   555
Md5:    23996c866aead65e33ed090ffb8d81ed
Sha1:   0e3cfe0c25a44d24a8020f559a551affb5338939
Sha256: 33c3b3dbd237e93a7f997c36d8a616623c84fb6eb2f58a59ae999ff452e2d723
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-ee1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.682901,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1654
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3808)
Size:   1654
Md5:    3dced5421d2d005599ac20da0c49316f
Sha1:   8cfdfe1cc93dd6be5ad99c901d89e428acf7b051
Sha256: e8554340ba7e8c478bf02d5c81b08bae64cf670b8b8bb2301482b3ac0fce36e2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-48b9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:08 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.683032,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5515
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5515
Md5:    17db16eba9de064a60b18a592b36634a
Sha1:   82fc955209623803111e48d5be3cf345315be6f5
Sha256: 1144901adf4e1d54838e6e04a2b75314f3b95518ee654d8c1742af50e355b433

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 13 Nov 2022 21:25:00 GMT
cache-control: public,max-age=3600
age: 1809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 605
Cache-Control: max-age=153974
Date: Sun, 13 Nov 2022 21:55:09 GMT
Etag: "63711bd6-117"
Expires: Tue, 15 Nov 2022 16:41:23 GMT
Last-Modified: Sun, 13 Nov 2022 16:31:18 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-5328"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.124447,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 21288
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 21288, version 1.1\012- data
Size:   21288
Md5:    b551d1a78c967fb1e854393a1114520a
Sha1:   211b36882d860210b9f01b4874aa823bcebe01fe
Sha256: 022b648ed96398d5358f30a503535bf52438c841bfcbc573c232fb5fb8d4d45f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-51ec"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.129683,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20972
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20972, version 1.1\012- data
Size:   20972
Md5:    a326c47c3038ee95e834af4137354081
Sha1:   328ed7688bb9083e97c264b52d3068a6cf320a53
Sha256: 7b39693e5b25e6747c407920eaf32ace22b70c5753dc45b33e9a2885d297cfb9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-13174"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.138522,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 78196
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Size:   78196
Md5:    e8a427e15cc502bef99cfd722b37ea98
Sha1:   a9922842a120a7f1eaced667480c5e185a106d69
Sha256: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-33dc"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.147148,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13276
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Size:   13276
Md5:    f0f8230116992e521526097a28f54066
Sha1:   0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
Sha256: 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-5180"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.150657,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20864
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20864, version 1.1\012- data
Size:   20864
Md5:    d872d08bbb5a11b339c5c14eda86f4de
Sha1:   858a15f9f63acd7c67741fe86f897477290306f1
Sha256: d34f1dad21494ea58feed91aaef8cd744d0797f0fe60154d2c9856939f2be994

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-12bdc"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376509.153153,VS0,VE0
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 76764
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Size:   76764
Md5:    f7307680c7fe85959f3ecf122493ea7d
Sha1:   fce0da592a3e536d6d5df5b50cb513398d8c5161
Sha256: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 21:13:13 GMT
expires: Tue, 07 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 520916
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size:   46524
Md5:    c1fd378f54921c75e4ae1821e7b8fff6
Sha1:   2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
Sha256: 405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
                                        
                                            GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 16:40:18 GMT
expires: Fri, 10 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 278091
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6474
Cache-Control: max-age=133177
Date: Sun, 13 Nov 2022 21:55:09 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 10:54:46 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /video/589397769?color&autopause=0&loop=0&muted=0&title=0&portrait=0&byline=0 HTTP/1.1 
Host: player.vimeo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         162.159.128.61
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 13 Nov 2022 21:55:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-xss-protection: 1; mode=block
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin, <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Sun, 13 Nov 2022 22:03:23 GMT
x-host: player-685d5c6dfc-h7bpw
via: 1.1 varnish, 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-varnish-cache: 1
x-vserver: playproxy-rollout-prod-varnish-2
x-backend-proxy: playproxy3
x-bapp-server: player-685d5c6dfc-h7bpw
Age: 0
X-Served-By: cache-bma1621-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1668376509.162844,VS0,VE145
Vary: Accept-Encoding
X-Player-Backend: p
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=9XLKRyDfVBNAx5SGK1hAB2xC0p67EAT8q8Yh2LKeh5E-1668376509-0-Aes879SMe3BcZFq7RmMVUJG9D01mTULZ1uN85k3XqWTr1rcasxf/6hqNCwaaF7fhaJK6lFBslHMI2k5m7q0sbuw=; path=/; expires=Sun, 13-Nov-22 22:25:09 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 769abffe2d54b4f7-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19260), with no line terminators
Size:   6051
Md5:    442b1b12328ea6da7d5b881adc31fce3
Sha1:   7a1073d0b05b6bcda70e731aa642500b2e9f4651
Sha256: c48097b962b2c7bc216770ab230ee0724940ccc13ceae1f1db27aa3502648598
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:09 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 13 Nov 2022 03:13:08 GMT
Expires: Sun, 20 Nov 2022 03:13:07 GMT
Etag: "d1a6a125a11eda3a62d74e544d6bf1fb87e4b13e"
Cache-Control: max-age=536877,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 769abfff3dd7b509-OSL

                                        
                                            GET /p/4.13.5/css/player.css HTTP/1.1 
Host: f.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
age: 269528
x-served-by: cache-iad-kcgs7200125-IAD, cache-bma1626-BMA
x-cache: HIT, HIT
x-cache-hits: 54, 53750
x-timer: S1668376509.485362,VS0,VE0
vary: Accept-Encoding,x-http-method-override
cache-control: max-age=1209600
access-control-allow-origin: *
content-length: 20765
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65495)
Size:   20765
Md5:    a11050ea930072aae656110ff118f9e1
Sha1:   785248bd4ca0f74d57beaaa380dcc25d37ec3ea7
Sha256: 006a7da32d89a5dd2b7383c0d5c5704b3adb61ff0d94a4c951dbcfa7e1d7de8c
                                        
                                            GET /video/1219014661-b59af950472ff0b4589785bb9aa42f144546b53c9f16bde5838d0dae294e03b5-d.jpg?mw=80&q=85 HTTP/1.1 
Host: i.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: image/jpeg
                                        
etag: dd2e8d0bcec3ac56770f6d710ff9b0f9
x-viewmaster-lossless-format: lossy
viewmaster-server: viewmaster-us-central1-17wp
cache-control: public, max-age=2592000
via: vvarnish, 1.1 varnish, 1.1 varnish
x-backend-server: varnish
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
access-control-max-age: 86400
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
age: 576100
x-served-by: cache-dfw-kdfw8210053-DFW, cache-bma1626-BMA
x-cache: miss, HIT, HIT
x-cache-hits: 26, 1
x-timer: S1668376510.508206,VS0,VE1
content-length: 1638
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x45, components 3\012- data
Size:   1638
Md5:    dd2e8d0bcec3ac56770f6d710ff9b0f9
Sha1:   ff8aa2c37f9141b48819e585ca2f6b2f1d8c3671
Sha256: a934a0643457b544605ab7b7f371df5e87a0be328b424b2306c9a060e214c7a2
                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-192x192.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Cookie: _ga_1FHZ4B327M=GS1.1.1668376508.1.0.1668376508.0.0.0; _ga=GA1.1.391954530.1668376508
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:50 GMT
etag: W/"619c053e-25e6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376510.550621,VS0,VE0
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9704
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   9704
Md5:    d3c44e20247335b2179a6171915428e8
Sha1:   f972cd225c17c070f8b1d989845e3fad5b59027e
Sha256: d4fef434ff4efc0aeadeb237305f2beed46354d2eb76d3edcb30bde9cec0e314
                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-32x32.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Cookie: _ga_1FHZ4B327M=GS1.1.1668376508.1.0.1668376508.0.0.0; _ga=GA1.1.391954530.1668376508
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:48 GMT
etag: W/"619c053c-43a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1668376510.551112,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    c1c1b2b58335b19f77acca96d694e04a
Sha1:   5c8dc142b7c14d84d08327156571ac3ee6edfcb8
Sha256: 3e397180ce16774fc0a814fd3ddfadfd2875bdb0413cfdea17ae80980747687f
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 13 Nov 2022 20:41:09 GMT
expires: Sun, 13 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 4440
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Nov 2022 09:37:41 GMT
expires: Mon, 13 Nov 2023 09:37:41 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 23:32:29 GMT
age: 44248
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (668)
Size:   162590
Md5:    70dc760a0efad09d703883a39f7683b2
Sha1:   2bc70f2a100ff27d27a89d563dfe279590c8336b
Sha256: 2bc59eab94309c59fba62afa40dfd841fb83760714e9ec7248ce3e10ae05fd19
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MjXjBmatL3tO/YvZ9rEdhQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.186.117.16
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jInUtDy/foND1U8RNslD1ZWrv7c=

                                        
                                            POST /j/collect?v=1&_v=j98&aip=1&a=712104304&t=pageview&_s=1&dl=https%3A%2F%2Fclaimwell.com%2F&ul=en-us&de=UTF-8&dt=Claimwell%20Homepage%20-%20Claimwell%20Technologies%20Inc.&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YCDACUABBAAAACAAI~&jid=579399778&gjid=399777459&cid=391954530.1668376508&tid=UA-207882829-1&_gid=4287032.1668376508&_r=1&gtm=2oub90&did=dZTNiMT&gdid=dZTNiMT&z=1697292720 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://claimwell.com
date: Sun, 13 Nov 2022 21:55:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /stratus/wp-content/uploads/2019/03/Shape3.png HTTP/1.1 
Host: import.themovation.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         174.138.58.92
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 13 Nov 2022 21:55:09 GMT
Server: Apache/2.4.51
Last-Modified: Tue, 12 Mar 2019 18:02:24 GMT
Accept-Ranges: bytes
Content-Length: 13074
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 1662 x 582, 8-bit/color RGB, non-interlaced\012- data
Size:   13074
Md5:    a7ea4208cc8cced7ff1868df363a71bc
Sha1:   184bf2a31e994a655dbec8c32bc296e44707c0b0
Sha256: 3bdd2bc0689f4818d379dbf1f1c39ab6e63b06a935109349ba03f613465473a2
                                        
                                            GET /p/4.13.5/js/vendor.module.js HTTP/1.1 
Host: f.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://player.vimeo.com
Connection: keep-alive
Referer: https://f.vimeocdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
age: 269528
x-served-by: cache-iad-kcgs7200034-IAD, cache-bma1659-BMA
x-cache: HIT, HIT
x-cache-hits: 45, 55277
x-timer: S1668376510.742009,VS0,VE0
vary: Accept-Encoding,x-http-method-override
cache-control: max-age=1209600
access-control-allow-origin: *
content-length: 118007
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65457)
Size:   118007
Md5:    66bced457b2317fba8f2e87d5038d60f
Sha1:   faa24fe9ace29e87fa6c25de87b945567a09a373
Sha256: a398b5002796714bec3f3d1e6602206b1c0697213a65fc73f5fc8ecfdd05fd92
                                        
                                            GET /js_opt/modules/utils/vuid.min.js HTTP/1.1 
Host: f.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
cache-control: public, max-age=2592000
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
age: 2176671
x-served-by: cache-iad-kiad7000106-IAD, cache-bma1626-BMA
x-cache: HIT, HIT
x-cache-hits: 139, 277768
x-timer: S1668376510.885347,VS0,VE0
vary: Accept-Encoding,x-http-method-override
content-length: 997
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1839)
Size:   997
Md5:    3d2ec727486c897591d751098283c68f
Sha1:   7b2b2e59063caf74de6bf2c96bffb68b748f257d
Sha256: 10c72391adec6fe62bb10a273adff205864ceafcc63c664bcc4eb7902481ba8b
                                        
                                            GET /video/1219014661-b59af950472ff0b4589785bb9aa42f144546b53c9f16bde5838d0dae294e03b5-d?mw=500&mh=281 HTTP/1.1 
Host: i.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: image/avif
                                        
etag: 7007955eb22828b5126be01fffd19ba4
x-viewmaster-lossless-format: automatic
viewmaster-server: viewmaster-us-central1-x3mk
cache-control: public, max-age=2592000
via: vvarnish, 1.1 varnish, 1.1 varnish
x-backend-server: varnish
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
access-control-max-age: 86400
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:55:09 GMT
age: 423125
x-served-by: cache-dfw-kdfw8210049-DFW, cache-bma1626-BMA
x-cache: miss, HIT, HIT
x-cache-hits: 4, 1
x-timer: S1668376510.904393,VS0,VE1
vary: Accept
content-length: 11973
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ISO Media, AVIF Image\012- data
Size:   11973
Md5:    7007955eb22828b5126be01fffd19ba4
Sha1:   25e67bf0782ac508ab96eda33f92ead55a8d16b5
Sha256: 5a1603bf43f004a9363669f296ad4b5a29b95c0b6c7e7300de39a53c54726eed
                                        
                                            POST /g/collect?v=2&tid=G-1FHZ4B327M&gtm=2oeb90&_p=712104304&gdid=dZTNiMT&cid=391954530.1668376508&ul=en-us&sr=1280x1024&_s=1&sid=1668376508&sct=1&seg=0&dl=https%3A%2F%2Fclaimwell.com%2F&dt=Claimwell%20Homepage%20-%20Claimwell%20Technologies%20Inc.&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://claimwell.com
date: Sun, 13 Nov 2022 21:55:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /s/gts1d4/QNGijQL5IyE HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /s/gts1d4/QNGijQL5IyE HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:55:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /add/player-test-impression?beacon=1 HTTP/1.1 
Host: fresnel.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 116
Origin: https://player.vimeo.com
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.120.202.204
HTTP/2 200 OK
                                        
access-control-allow-credentials: true
access-control-allow-origin: https://player.vimeo.com
date: Sun, 13 Nov 2022 21:55:10 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST /add/player-stats?beacon=1&session-id=1cc1a3abfb2f8349d76dd7214a6331542904dd601668376509 HTTP/1.1 
Host: fresnel.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1423
Origin: https://player.vimeo.com
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.120.202.204
HTTP/2 200 OK
                                        
access-control-allow-credentials: true
access-control-allow-origin: https://player.vimeo.com
date: Sun, 13 Nov 2022 21:55:10 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST /s/gts1d4/QNGijQL5IyE HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search