Overview

URLwww.claimwell.com/
IP 151.101.130.159 (United States)
ASN#54113 FASTLY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-13 21:53:30 UTC
StatusLoading report..
IDS alerts0
Blocklist alert44
urlquery alerts No alerts detected
Tags None

Domain Summary (21)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.pki.goog (13) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
player.vimeo.com (1) 1858 2013-09-26 03:16:08 UTC 2020-01-28 05:29:01 UTC 162.159.138.60
f.vimeocdn.com (4) 3234 2014-04-09 18:24:34 UTC 2020-02-02 07:43:43 UTC 151.101.86.109
www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-11-13 05:50:11 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
www.claimwell.com (1) 0 2021-06-08 19:43:15 UTC 2022-11-13 12:54:17 UTC 151.101.130.159 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-13 11:17:09 UTC 142.250.74.168
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-13 05:52:25 UTC 34.117.237.239
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-13 19:38:44 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
fresnel.vimeocdn.com (2) 3128 2014-12-13 09:04:00 UTC 2022-11-13 14:11:21 UTC 34.120.202.204
www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-11-13 20:17:24 UTC 142.250.74.174
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-13 05:53:05 UTC 34.102.187.140
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.148.77.40
claimwell.com (67) 0 2017-06-19 07:43:26 UTC 2022-11-13 12:58:34 UTC 151.101.130.159 Unknown ranking
fonts.gstatic.com (2) 0 2014-09-09 00:40:21 UTC 2022-11-13 19:00:44 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
i.vimeocdn.com (2) 3126 2014-03-27 22:24:57 UTC 2020-02-27 02:30:52 UTC 151.101.86.109
import.themovation.com (1) 0 2015-06-27 11:11:33 UTC 2022-11-10 01:52:42 UTC 174.138.58.92 Domain (themovation.com) ranked at: 516006
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-13 12:57:37 UTC 142.250.74.10
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-13 2 www.claimwell.com/ Phishing
2022-11-13 2 claimwell.com/ Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver= (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor- (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-s (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/elementor/css/post-3890.css?ver=1667319926 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-c (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/fr (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/he (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all. (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/bran (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/soli (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.j (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 Phishing
2022-11-13 2 claimwell.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.2 Phishing
2022-11-13 2 claimwell.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/essential-addons-for-elementor-lite/assets (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jque (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-sh (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/essential-addons-elementor/eael-3890.js?ve (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/2021/03/dollar-sign-circle.svg Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37 (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7 (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ve (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/share-link/share-link (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sti (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/essential-addons-elementor/eael-3890.css?v (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 151.101.130.159
Date UQ / IDS / BL URL IP
2023-02-01 11:59:19 +0000 0 - 6 - 0 www.benningtongreen.co.uk/ 151.101.130.159
2023-01-28 20:01:01 +0000 0 - 2 - 0 www.doktor.se/ 151.101.130.159
2023-01-26 21:20:46 +0000 0 - 3 - 0 toronto.iabc.to/wp-login.php 151.101.130.159
2023-01-22 05:06:45 +0000 0 - 0 - 13 franosbarbershop.com/wp-content/verif.accs.se (...) 151.101.130.159
2023-01-14 22:19:11 +0000 0 - 0 - 2 infusetheplanet.com/wp-content/themes/twentys (...) 151.101.130.159


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-02-03 10:24:18 +0000 0 - 0 - 5 links.vip/scheduleproject 199.36.158.100
2023-02-03 10:20:53 +0000 0 - 0 - 6 remondremeret.firebaseapp.com/ 199.36.158.100
2023-02-03 10:07:13 +0000 0 - 0 - 2 raw.githubusercontent.com/Shinyenigma/XSudo-w (...) 185.199.109.133
2023-02-03 09:55:33 +0000 0 - 0 - 2 mcvehil.com/wp-content/cache/qur/login.php 151.101.2.159
2023-02-03 09:26:10 +0000 0 - 0 - 2 newadobeee.firebaseapp.com/ 199.36.158.100


Last 5 reports on domain: claimwell.com
Date UQ / IDS / BL URL IP
2022-11-13 21:55:20 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:54:31 +0000 0 - 0 - 44 claimwell.com/ 151.101.130.159
2022-11-13 21:53:30 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:49:53 +0000 0 - 0 - 36 claimwell.com/demo/auto/ 151.101.130.159
2022-11-13 12:57:54 +0000 0 - 0 - 36 claimwell.com/aqq/docusign/docusign/ 151.101.130.159


Last 2 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-13 21:55:20 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:54:31 +0000 0 - 0 - 44 claimwell.com/ 151.101.130.159

JavaScript

Executed Scripts (49)

Executed Evals (5)
#1 JavaScript::Eval (size: 15396) - SHA256: 1cbce1215ed045aae217898b645ba59613cd25194f4db744cd48d04346073fb9
(function() {
    var y, nv = function(n, E, I, e) {
            for (e = (I = a(E), 0); 0 < n; n--) e = e << 8 | z(E);
            Z(I, E, e)
        },
        c = function(n, E, I, e, X, L) {
            if (n.N.length) {
                (n.R = (n.R && 0(), true), n).rY = E;
                try {
                    e = n.Z(), n.G = e, n.I = 0, n.Y = e, L = Ia(E, n), X = n.Z() - n.Y, n.D += X, X < (I ? 0 : 10) || 0 >= n.l-- || (X = Math.floor(X), n.F.push(254 >= X ? X : 254))
                } finally {
                    n.R = false
                }
                return L
            }
        },
        iN = function(n, E, I) {
            if ((I = typeof n, "object") == I)
                if (n) {
                    if (n instanceof Array) return "array";
                    if (n instanceof Object) return I;
                    if ((E = Object.prototype.toString.call(n), "[object Window]") == E) return "object";
                    if ("[object Array]" == E || "number" == typeof n.length && "undefined" != typeof n.splice && "undefined" != typeof n.propertyIsEnumerable && !n.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == E || "undefined" != typeof n.call && "undefined" != typeof n.propertyIsEnumerable && !n.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == I && "undefined" == typeof n.call) return "object";
            return I
        },
        m = function(n, E) {
            n.N.splice(0, 0, E)
        },
        Lv = function(n, E) {
            return (n = n.create().shift(), E.S).create().length || E.v.create().length || (E.v = void 0, E.S = void 0), n
        },
        P = function(n, E, I, e, X, L) {
            if (!E.U) {
                if (3 < (I = (0 == ((L = void 0, I && I[0] === r) && (n = I[1], L = I[2], I = void 0), X = Q(19, E), X).length && (e = Q(117, E) >> 3, X.push(n, e >> 8 & 255, e & 255), void 0 != L && X.push(L & 255)), n = "", I && (I.message && (n += I.message), I.stack && (n += ":" + I.stack)), Q(504, E)), I)) {
                    E.L = (L = (n = (I -= (n = n.slice(0, (I | 0) - 3), n.length | 0) + 3, EK(n)), E.L), E);
                    try {
                        G(E, 446, f(2, n.length).concat(n), 9)
                    } finally {
                        E.L = L
                    }
                }
                Z(504, E, I)
            }
        },
        b = function(n, E, I) {
            n[Z(I, E, n), ev] = 2796
        },
        Tl = function(n, E) {
            (E.push(n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3]), E.push(n[4] << 24 | n[5] << 16 | n[6] << 8 | n[7]), E).push(n[8] << 24 | n[9] << 16 | n[10] << 8 | n[11])
        },
        gN = function(n, E, I, e) {
            G(n, (I = (e = a(n), a(n)), I), f(E, Q(e, n)))
        },
        Xn = function(n, E) {
            if (E = (n = q.trustedTypes, null), !n || !n.createPolicy) return E;
            try {
                E = n.createPolicy("bg", {
                    createHTML: x0,
                    createScript: x0,
                    createScriptURL: x0
                })
            } catch (I) {
                q.console && q.console.error(I.message)
            }
            return E
        },
        aa = function(n, E, I, e) {
            return (e = O[n.substring(0, 3) + "_"]) ? e(n.substring(3), E, I) : wN(E, n)
        },
        DU = function(n, E, I, e) {
            try {
                e = n[((E | 0) + 2) % 3], n[E] = (n[E] | 0) - (n[((E | 0) + 1) % 3] | 0) - (e | 0) ^ (1 == E ? e << I : e >>> I)
            } catch (X) {
                throw X;
            }
        },
        Q = function(n, E) {
            if (void 0 === (E = E.K[n], E)) throw [r, 30, n];
            if (E.value) return E.create();
            return E.create(1 * n * n + -43 * n + -56), E.prototype
        },
        ZU = function(n, E, I, e, X, L) {
            for (e = (L = (I = ((X = a((E = n[zl] || {}, n)), E.TW = a(n), E).P = [], n.L == n) ? (z(n) | 0) - 1 : 1, a(n)), 0); e < I; e++) E.P.push(a(n));
            for (E.A = Q(X, n); I--;) E.P[I] = Q(E.P[I], n);
            return E.Kv = Q(L, n), E
        },
        Mi = function(n, E, I, e, X) {
            G(n, (((e = Q((X = a((e = (I = E & 4, E &= 3, a(n)), n)), e), n), I) && (e = EK("" + e)), E) && G(n, X, f(2, e.length)), X), e)
        },
        EK = function(n, E, I, e, X) {
            for (X = E = (n = n.replace(/\r\n/g, "\n"), I = [], 0); X < n.length; X++) e = n.charCodeAt(X), 128 > e ? I[E++] = e : (2048 > e ? I[E++] = e >> 6 | 192 : (55296 == (e & 64512) && X + 1 < n.length && 56320 == (n.charCodeAt(X + 1) & 64512) ? (e = 65536 + ((e & 1023) << 10) + (n.charCodeAt(++X) & 1023), I[E++] = e >> 18 | 240, I[E++] = e >> 12 & 63 | 128) : I[E++] = e >> 12 | 224, I[E++] = e >> 6 & 63 | 128), I[E++] = e & 63 | 128);
            return I
        },
        O, a = function(n, E) {
            if (n.S) return Lv(n.v, n);
            return (E = h(8, n, true), E & 128) && (E ^= 128, n = h(2, n, true), E = (E << 2) + (n | 0)), E
        },
        A = function(n, E) {
            E.T = ((E.T ? E.T + "~" : "E:") + n.message + ":" + n.stack).slice(0, 2048)
        },
        mC = function(n, E, I, e, X) {
            if ((I = n[0], I) == N) E.l = 25, E.u(n);
            else if (I == k) {
                X = n[1];
                try {
                    e = E.T || E.u(n)
                } catch (L) {
                    A(L, E), e = E.T
                }
                X(e)
            } else if (I == uN) E.u(n);
            else if (I == l) E.u(n);
            else if (I == WU) {
                try {
                    for (e = 0; e < E.C.length; e++) try {
                        X = E.C[e], X[0][X[1]](X[2])
                    } catch (L) {}
                } catch (L) {}(0, n[1])(function(L, T) {
                    E.o(L, true, T)
                }, (E.C = [], function(L) {
                    (m(E, (L = !E.N.length, [cU])), L) && c(E, true, false)
                }))
            } else {
                if (I == H) return e = n[2], Z(264, E, n[6]), Z(98, E, e), E.u(n);
                I == cU ? (E.F = [], E.K = null, E.X = []) : I == ev && "loading" === q.document.readyState && (E.h = function(L, T) {
                    function g() {
                        T || (T = true, L())
                    }
                    q.document.addEventListener("DOMContentLoaded", (T = false, g), F), q.addEventListener("load", g, F)
                })
            }
        },
        F = {
            passive: true,
            capture: true
        },
        wN = function(n, E) {
            return n(function(I) {
                I(E)
            }), [function() {
                return E
            }]
        },
        x0 = function(n) {
            return n
        },
        sK = function(n, E) {
            Z(169, n, (n.mu.push(n.K.slice()), n.K[169] = void 0, E))
        },
        v = function(n, E, I, e, X, L, T, g, x) {
            if (I.L = (T = (x = (g = (L = 0 < (E || I.I++, I).W && I.R && I.rY && 1 >= I.B && !I.S && !I.h && (!E || 1 < I.J - e) && 0 == document.hidden, (X = 4 == I.I) || L) ? I.Z() : I.G, g) - I.G, x >> 14), I.H && (I.H ^= T * (x << 2)), I.j += T, T) || I.L, X || L) I.I = 0, I.G = g;
            if (!L || g - I.Y < I.W - (n ? 255 : E ? 5 : 2)) return false;
            return I.h = ((Z((n = Q(E ? 117 : 169, (I.J = e, I)), 169), I, I.O), I).N.push([uN, n, E ? e + 1 : e]), B), true
        },
        Ia = function(n, E, I, e) {
            for (; E.N.length;) {
                e = (E.h = null, E).N.pop();
                try {
                    I = mC(e, E)
                } catch (X) {
                    A(X, E)
                }
                if (n && E.h) {
                    n = E.h, n(function() {
                        c(E, true, true)
                    });
                    break
                }
            }
            return I
        },
        Q6 = function(n, E, I, e) {
            return Q((Z(169, (rN(n, (e = Q(169, n), n.X && e < n.O ? (Z(169, n, n.O), sK(n, E)) : Z(169, n, E), I)), n), e), 98), n)
        },
        bN = function(n, E, I, e, X) {
            for (e = (I.xv = ((I.uV = ((I.aN = I[k], I).zW = V6, tI), I).Lv = Y0({get: function() {
                        return this.concat()
                    }
                }, I.g), J[I.g](I.Lv, {
                    value: {
                        value: {}
                    }
                })), 0), X = []; 128 > e; e++) X[e] = String.fromCharCode(e);
            c(I, true, (m(I, (m(I, (m(I, (Z(6, (b(function(L, T, g, x, w, D) {
                v(false, true, L, T) || (w = ZU(L.L), T = w.P, D = w.A, g = T.length, x = w.Kv, w = w.TW, T = 0 == g ? new x[D] : 1 == g ? new x[D](T[0]) : 2 == g ? new x[D](T[0], T[1]) : 3 == g ? new x[D](T[0], T[1], T[2]) : 4 == g ? new x[D](T[0], T[1], T[2], T[3]) : 2(), Z(w, L, T))
            }, (Z(446, I, R((b(function(L, T, g, x, w, D) {
                if (!v(true, true, L, T)) {
                    if ((D = (w = Q((T = (g = (D = a(L), T = a(L), a(L)), w = a(L), Q)(T, L), w), L), Q(D, L)), L = Q(g, L), "object") == iN(D)) {
                        for (x in g = [], D) g.push(x);
                        D = g
                    }
                    for (x = 0, g = D.length, L = 0 < L ? L : 1; x < g; x += L) T(D.slice(x, (x | 0) + (L | 0)), w)
                }
            }, I, ((b(function(L) {
                nv(4, L)
            }, (b(function(L, T, g, x, w, D, M) {
                for (x = (T = (g = Q((D = a(L), w = dN(L), M = "", 157), L), g.length), 0); w--;) x = ((x | 0) + (dN(L) | 0)) % T, M += X[g[x]];
                Z(D, L, M)
            }, I, (Z(409, (I.cV = (Z(373, I, [160, (b(function(L, T, g, x) {
                Z((x = Q((g = (T = a((g = (x = a(L), a(L)), L)), Q(g, L)), x), L), T), L, x[g])
            }, (b(function(L, T, g, x, w) {
                Z((w = (g = (g = a((x = (T = a(L), a(L)), L)), w = a(L), Q)(g, L), x = Q(x, L), Q(w, L)), T), L, PU(x, w, L, g))
            }, I, (b(function(L, T, g, x, w) {
                for (x = (w = (g = dN((T = a(L), L)), []), 0); x < g; x++) w.push(z(L));
                Z(T, L, w)
            }, I, (b(function(L) {
                gN(L, 1)
            }, (b(function(L, T, g, x) {
                !v(false, true, L, T) && (T = ZU(L), x = T.Kv, g = T.A, L.L == L || g == L.S0 && x == L) && (Z(T.TW, L, g.apply(x, T.P)), L.G = L.Z())
            }, (b(function(L, T, g, x) {
                Z((g = Q((T = a((g = a(L), L)), x = Q(T, L), g), L), T), L, x + g)
            }, (Z(19, I, (b(function(L, T, g) {
                Z((g = (T = a(L), a(L)), T = Q(T, L), T = iN(T), g), L, T)
            }, I, (b(function(L, T, g, x) {
                Z((T = a((x = (g = a(L), a(L)), L)), T), L, Q(g, L) || Q(x, L))
            }, I, (b(function(L, T) {
                L = (T = a(L), Q)(T, L.L), L[0].removeEventListener(L[1], L[2], F)
            }, (b(function(L, T, g) {
                v(false, true, L, T) || (T = a(L), g = a(L), Z(g, L, function(x) {
                    return eval(x)
                }(Gl(Q(T, L.L)))))
            }, I, (b(function(L) {
                Mi(L, 3)
            }, I, (b(function(L, T, g) {
                0 != (g = (g = (T = a(L), a(L)), Q)(g, L), Q(T, L)) && Z(169, L, g)
            }, (Z(426, I, (b(function(L, T, g, x, w) {
                x = (T = Q((g = (w = (T = (x = a(L), g = a(L), a)(L), a(L)), Q(g, L)), w = Q(w, L), T), L), Q)(x, L.L), 0 !== x && (T = PU(T, 1, L, w, x, g), x.addEventListener(g, T, F), Z(426, L, [x, g, T]))
            }, (Z((b(function(L) {
                gN(L, 4)
            }, (b(function(L, T, g, x) {
                Z((x = (T = (x = a(L), a(L)), g = a(L), T = Q(T, L), Q(x, L)), g), L, x in T | 0)
            }, (Z(258, (Z(504, (Z(98, I, (b(function() {}, I, (b(function(L, T, g, x) {
                Z((T = z((x = a(L), L)), g = a(L), g), L, Q(x, L) >>> T)
            }, I, (b(function(L, T, g) {
                Z((g = (T = a(L), a(L)), g), L, "" + Q(T, L))
            }, I, (b(function(L, T) {
                sK((T = Q(a(L), L), L.L), T)
            }, I, (b(function(L, T, g, x, w, D, M, W, t, p, V, u) {
                function U(Y, d) {
                    for (; g < Y;) u |= z(L) << g, g += 8;
                    return u >>= (d = u & (1 << (g -= Y, Y)) - 1, Y), d
                }
                for (w = (x = (g = (V = a(L), u = 0), M = (U(3) | 0) + 1, U(5)), []), D = T = 0; D < x; D++) W = U(1), w.push(W), T += W ? 0 : 1;
                for (p = (D = (T = ((T | 0) - 1).toString(2).length, 0), []); D < x; D++) w[D] || (p[D] = U(T));
                for (T = 0; T < x; T++) w[T] && (p[T] = a(L));
                for (t = []; M--;) t.push(Q(a(L), L));
                b(function(Y, d, y6, C, S) {
                    for (C = (y6 = [], S = [], 0); C < x; C++) {
                        if (d = p[C], !w[C]) {
                            for (; d >= S.length;) S.push(a(Y));
                            d = S[d]
                        }
                        y6.push(d)
                    }(Y.S = fv(t.slice(), Y), Y).v = fv(y6, Y)
                }, L, V)
            }, I, (b(function(L, T, g, x) {
                if (x = L.mu.pop()) {
                    for (g = z(L); 0 < g; g--) T = a(L), x[T] = L.K[T];
                    L.K = (x[504] = (x[19] = L.K[19], L).K[504], x)
                } else Z(169, L, L.O)
            }, (b(function(L) {
                Mi(L, 4)
            }, I, (b(function(L, T, g, x) {
                (x = (g = a((T = a(L), L)), a(L)), L.L == L) && (g = Q(g, L), x = Q(x, L), Q(T, L)[g] = x, 226 == T && (L.i = void 0, 2 == g && (L.H = h(32, L, false), L.i = void 0)))
            }, I, (b(function(L, T, g, x) {
                T = (g = a((T = (x = a(L), a(L)), L)), x = Q(x, L), Q)(T, L), Z(g, L, +(x == T))
            }, I, (Z(90, ((Z(117, (((I.l = 25, (I.T = void 0, (e = window.performance || {}, (I.v = (I.XU = 0, void 0), I.K = [], I).rY = (I.X = [], (I.O = 0, I.W = 0, I).N = [], I.H = (I.mu = [], I.R = false, void 0), I.B = 0, false), I).S = void 0, I.F = [], I).j = (I.Y = 0, I.V = void 0, I.G = 0, I.D = 0, 1), I).pv = (I.J = 8001, (I.I = void 0, I.h = (I.S0 = function(L) {
                this.L = L
            }, null), I.L = (I.C = [], I), I).U = false, (I.i = void 0, e).timeOrigin || (e.timing || {}).navigationStart || 0), Z)(169, I, 0), I), 0), I).Yv = 0, I), []), 111)), 292)), Z(184, I, 353), 170)), I), 382), 286)), 390)), 281)), 7)), 326)), {})), I), 2048), I), [0, 0, 0]), I), 44), I), 84), 207), I, q), I), 396), 0)), I), 323), 177)), 442)), I), 81), 376)), 433)), [])), I), 14), I), 222), I), 347), 287)), 50)), I), 123), 0), 0]), 0), I), I), 205)), I), 432), I).vV = 0, 215)), 4))), I), 228), I), 0), [ev])), [l, n])), [WU, E])), true))
        },
        R = function(n, E) {
            for (E = []; n--;) E.push(255 * Math.random() | 0);
            return E
        },
        f = function(n, E, I, e) {
            for (e = (I = (n | 0) - 1, []); 0 <= I; I--) e[(n | 0) - 1 - (I | 0)] = E >> 8 * I & 255;
            return e
        },
        Y0 = function(n, E) {
            return J[E](J.prototype, {
                splice: n,
                floor: n,
                pop: n,
                stack: n,
                document: n,
                call: n,
                length: n,
                prototype: n,
                parent: n,
                console: n,
                propertyIsEnumerable: n,
                replace: n
            })
        },
        Z = function(n, E, I) {
            if (169 == n || 117 == n) E.K[n] ? E.K[n].concat(I) : E.K[n] = fv(I, E);
            else {
                if (E.U && 226 != n) return;
                373 == n || 446 == n || 90 == n || 19 == n || 258 == n ? E.K[n] || (E.K[n] = pv(118, E, I, n)) : E.K[n] = pv(81, E, I, n)
            }
            226 == n && (E.H = h(32, E, false), E.i = void 0)
        },
        qi = function(n, E, I, e) {
            function X() {}
            return {
                invoke: (e = aa((I = void 0, n), function(L) {
                    X && (E && B(E), I = L, X(), X = void 0)
                }, !!E)[0], function(L, T, g, x) {
                    function w() {
                        I(function(D) {
                            B(function() {
                                L(D)
                            })
                        }, g)
                    }
                    if (!T) return T = e(g), L && L(T), T;
                    I ? w() : (x = X, X = function() {
                        (x(), B)(w)
                    })
                })
            }
        },
        OK = function(n, E, I) {
            if (3 == n.length) {
                for (I = 0; 3 > I; I++) E[I] += n[I];
                for (I = [13, 8, 13, 12, 16, (n = 0, 5), 3, 10, 15]; 9 > n; n++) E[3](E, n % 3, I[n])
            }
        },
        K = function(n, E, I) {
            I = this;
            try {
                bN(E, n, this)
            } catch (e) {
                A(e, this), n(function(X) {
                    X(I.T)
                })
            }
        },
        dN = function(n, E) {
            return E = z(n), E & 128 && (E = E & 127 | z(n) << 7), E
        },
        UK = function(n, E, I, e, X) {
            for (X = (I = I[e = I[2] | 0, 3] | 0, 0); 14 > X; X++) n = n >>> 8 | n << 24, n += E | 0, n ^= e + 2298, I = I >>> 8 | I << 24, E = E << 3 | E >>> 29, I += e | 0, I ^= X + 2298, E ^= n, e = e << 3 | e >>> 29, e ^= I;
            return [E >>> 24 & 255, E >>> 16 & 255, E >>> 8 & 255, E >>> 0 & 255, n >>> 24 & 255, n >>> 16 & 255, n >>> 8 & 255, n >>> 0 & 255]
        },
        hI = function(n, E, I) {
            return E.o(function(e) {
                I = e
            }, false, n), I
        },
        z = function(n) {
            return n.S ? Lv(n.v, n) : h(8, n, true)
        },
        jv = function(n, E) {
            return E[n] << 24 | E[(n | 0) + 1] << 16 | E[(n | 0) + 2] << 8 | E[(n | 0) + 3]
        },
        rN = function(n, E, I, e, X, L) {
            if (!n.T) {
                n.B++;
                try {
                    for (X = (L = 0, n.O), e = void 0; --E;) try {
                        if (I = void 0, n.S) e = Lv(n.S, n);
                        else {
                            if ((L = Q(169, n), L) >= X) break;
                            e = Q((Z(117, n, L), I = a(n), I), n)
                        }
                        v(false, false, (e && e[cU] & 2048 ? e(n, E) : P(0, n, [r, 21, I]), n), E)
                    } catch (T) {
                        Q(184, n) ? P(22, n, T) : Z(184, n, T)
                    }
                    if (!E) {
                        if (n.gY) {
                            rN(n, (n.B--, 168668240895));
                            return
                        }
                        P(0, n, [r, 33])
                    }
                } catch (T) {
                    try {
                        P(22, n, T)
                    } catch (g) {
                        A(g, n)
                    }
                }
                n.B--
            }
        },
        G = function(n, E, I, e, X, L) {
            if (n.L == n)
                for (L = Q(E, n), 446 == E ? (E = function(T, g, x, w) {
                        if ((w = (x = L.length, (x | 0) - 4 >> 3), L.q7) != w) {
                            g = [0, (w = (w << 3) - (L.q7 = w, 4), 0), X[1], X[2]];
                            try {
                                L.O$ = UK(jv((w | 0) + 4, L), jv(w, L), g)
                            } catch (D) {
                                throw D;
                            }
                        }
                        L.push(L.O$[x & 7] ^ T)
                    }, X = Q(258, n)) : E = function(T) {
                        L.push(T)
                    }, e && E(e & 255), n = 0, e = I.length; n < e; n++) E(I[n])
        },
        fv = function(n, E, I) {
            return ((I = J[E.g](E.xv), I)[E.g] = function() {
                return n
            }, I).concat = function(e) {
                n = e
            }, I
        },
        h = function(n, E, I, e, X, L, T, g, x, w, D, M, W, t) {
            if ((g = Q(169, E), g) >= E.O) throw [r, 31];
            for (w = (e = (D = E.aN.length, n), 0), x = g; 0 < e;) T = x >> 3, t = x % 8, W = 8 - (t | 0), L = E.X[T], W = W < e ? W : e, I && (X = E, X.i != x >> 6 && (X.i = x >> 6, M = Q(226, X), X.V = UK(X.i, X.H, [0, 0, M[1], M[2]])), L ^= E.V[T & D]), x += W, w |= (L >> 8 - (t | 0) - (W | 0) & (1 << W) - 1) << (e | 0) - (W | 0), e -= W;
            return Z(169, E, (I = w, (g | 0) + (n | 0))), I
        },
        q = this || self,
        B = q.requestIdleCallback ? function(n) {
            requestIdleCallback(function() {
                n()
            }, {
                timeout: 4
            })
        } : q.setImmediate ? function(n) {
            setImmediate(n)
        } : function(n) {
            setTimeout(n, 0)
        },
        PU = function(n, E, I, e, X, L) {
            function T() {
                if (I.L == I) {
                    if (I.K) {
                        var g = [H, n, e, void 0, X, L, arguments];
                        if (2 == E) var x = c(I, (m(I, g), false), false);
                        else if (1 == E) {
                            var w = !I.N.length;
                            (m(I, g), w) && c(I, false, false)
                        } else x = mC(g, I);
                        return x
                    }
                    X && L && X.removeEventListener(L, T, F)
                }
            }
            return T
        },
        pv = function(n, E, I, e, X, L, T, g) {
            return ((L = (T = n & (X = $0, I = [89, -43, 5, 1, 4, 91, I, 75, 51, -20], 7), J[E.g](E.Lv)), L)[E.g] = function(x) {
                T += 6 + 7 * n, g = x, T &= 7
            }, L).concat = function(x) {
                return (g = (x = (x = e % 16 + 1, -40 * e * e * g - x * g - -2240 * g + I[T + 51 & 7] * e * x + 40 * g * g + T + 1 * e * e * x - -1720 * e * g + (X() | 0) * x), void 0), x = I[x], I[(T + 13 & 7) + (n & 2)] = x, I)[T + (n & 2)] = -43, x
            }, L
        },
        zl = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        cU = ((K.prototype.gY = false, K.prototype.dY = void 0, K).prototype.s = "toString", K.prototype.BV = void 0, []),
        H = [],
        l = [],
        k = [],
        ev = [],
        WU = [],
        r = {},
        N = [],
        uN = [],
        $0 = ((y = (((Tl, function() {})(R), DU, function() {})(OK), K.prototype.g = "create", K.prototype), y).bV = function(n, E, I) {
            return n ^ ((E = ((E ^= E << 13, E ^= E >> 17, E) ^ E << 5) & I) || (E = 1), E)
        }, void 0),
        J = (y.o = (y.HV = function() {
            return Math.floor(this.D + (this.Z() - this.Y))
        }, ((y.GW = function(n, E, I, e, X, L) {
            for (X = (e = L = 0, []); L < n.length; L++)
                for (I = I << E | n[L], e += E; 7 < e;) e -= 8, X.push(I >> e & 255);
            return X
        }, y).Z = (y.he = function() {
            return Math.floor(this.Z())
        }, (window.performance || {}).now) ? function() {
            return this.pv + window.performance.now()
        } : function() {
            return +new Date
        }, y).PV = function(n, E, I, e, X) {
            for (e = X = 0; X < n.length; X++) e += n.charCodeAt(X), e += e << 10, e ^= e >> 6;
            return X = new Number((n = (e += e << 3, e ^= e >> 11, e + (e << 15) >>> 0), n & (1 << E) - 1)), X[0] = (n >>> E) % I, X
        }, function(n, E, I, e, X) {
            if (I = "array" === iN(I) ? I : [I], this.T) n(this.T);
            else try {
                e = [], X = !this.N.length, m(this, [N, e, I]), m(this, [k, n, e]), E && !X || c(this, E, true)
            } catch (L) {
                A(L, this), n(this.T)
            }
        }), r).constructor;
    (K.prototype.u = function(n, E) {
        return $0 = function() {
                return n == E ? -56 : -98
            }, E = {}, n = {},
            function(I, e, X, L, T, g, x, w, D, M, W, t, p, V, u) {
                n = (t = n, E);
                try {
                    if (e = I[0], e == l) {
                        p = I[1];
                        try {
                            for (x = (u = (V = [], L = 0, atob(p)), 0); L < u.length; L++) T = u.charCodeAt(L), 255 < T && (V[x++] = T & 255, T >>= 8), V[x++] = T;
                            Z(226, this, (this.O = (this.X = V, this).X.length << 3, [0, 0, 0]))
                        } catch (U) {
                            P(17, this, U);
                            return
                        }
                        rN(this, 8001)
                    } else if (e == N) I[1].push(Q(373, this).length, Q(504, this), Q(446, this).length, Q(90, this).length), Z(98, this, I[2]), this.K[67] && Q6(this, Q(67, this), 8001);
                    else {
                        if (e == k) {
                            (w = (V = I[2], f(2, (Q(373, this).length | 0) + 2)), X = this.L, this).L = this;
                            try {
                                W = Q(19, this), 0 < W.length && G(this, 373, f(2, W.length).concat(W), 10), G(this, 373, f(1, this.j), 109), G(this, 373, f(1, this[k].length)), u = 0, u += Q(6, this) & 2047, u -= (Q(373, this).length | 0) + 5, D = Q(446, this), 4 < D.length && (u -= (D.length | 0) + 3), 0 < u && G(this, 373, f(2, u).concat(R(u)), 15), 4 < D.length && G(this, 373, f(2, D.length).concat(D), 156)
                            } finally {
                                this.L = X
                            }
                            if (g = ((x = R(2).concat(Q(373, this)), x[1] = x[0] ^ 6, x)[3] = x[1] ^ w[0], x[4] = x[1] ^ w[1], this).N7(x)) g = "!" + g;
                            else
                                for (u = 0, g = ""; u < x.length; u++) M = x[u][this.s](16), 1 == M.length && (M = "0" + M), g += M;
                            return Q(((Z(504, this, ((L = g, Q)(373, this).length = V.shift(), V.shift())), Q(446, this)).length = V.shift(), 90), this).length = V.shift(), L
                        }
                        if (e == uN) Q6(this, I[1], I[2]);
                        else if (e == H) return Q6(this, I[1], 8001)
                    }
                } finally {
                    n = t
                }
            }
    }(), K.prototype.yC = 0, K.prototype).N7 = function(n, E, I, e) {
        if (I = window.btoa) {
            for (e = "", E = 0; E < n.length; E += 8192) e += String.fromCharCode.apply(null, n.slice(E, E + 8192));
            n = I(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
        } else n = void 0;
        return n
    }, K.prototype.Z4 = 0;
    var V6, tI = /./,
        AI = (K.prototype[WU] = [0, 0, 1, 1, 0, 1, 1], l.pop.bind(K.prototype[N])),
        Gl = function(n, E) {
            return (E = Xn()) && 1 === n.eval(E.createScript("1")) ? function(I) {
                return E.createScript(I)
            } : function(I) {
                return "" + I
            }
        }(((V6 = Y0({get: AI
        }, (tI[K.prototype.s] = AI, K.prototype.g)), K).prototype.iV = void 0, q));
    (O = q.botguard || (q.botguard = {}), 40 < O.m) || (O.m = 41, O.bg = qi, O.a = aa), O.kDL_ = function(n, E, I) {
        return [(I = new K(E, n), function(e) {
            return hI(e, I)
        })]
    };
}).call(this);
#2 JavaScript::Eval (size: 64) - SHA256: 9908576f4e1cce70106175d94488f9071022d3485f8a8ccf0655b399b318a7c4
0,
function(L, T, g) {
    (T = (g = a((T = a(L), L)), L).K[T] && Q(T, L), Z)(g, L, T)
}
#3 JavaScript::Eval (size: 22) - SHA256: 662748d1507b16ab56d1bceff58b8302eb43f21ce0de70b24b21b8ef39aeff35
0,
function(L) {
    nv(2, L)
}
#4 JavaScript::Eval (size: 15576) - SHA256: d4be0587aacd19697ae508209e99aa30536e2b75393db507b1cd329131d8e19c
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var E = function(n) {
            return n
        },
        T = function(n, I) {
            if ((I = (n = null, e.trustedTypes), !I) || !I.createPolicy) return n;
            try {
                n = I.createPolicy("bg", {
                    createHTML: E,
                    createScript: E,
                    createScriptURL: E
                })
            } catch (L) {
                e.console && e.console.error(L.message)
            }
            return n
        },
        e = this || self;
    (0, eval)(function(n, I) {
        return (I = T()) && 1 === n.eval(I.createScript("1")) ? function(L) {
            return I.createScript(L)
        } : function(L) {
            return "" + L
        }
    }(e)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var y,nv=function(n,E,I,e){for(e=(I=a(E),0);0<n;n--)e=e<<8|z(E);Z(I,E,e)},c=function(n,E,I,e,X,L){if(n.N.length){(n.R=(n.R&&0(),true),n).rY=E;try{e=n.Z(),n.G=e,n.I=0,n.Y=e,L=Ia(E,n),X=n.Z()-n.Y,n.D+=X,X<(I?0:10)||0>=n.l--||(X=Math.floor(X),n.F.push(254>=X?X:254))}finally{n.R=false}return L}},iN=function(n,E,I){if((I=typeof n,"object")==I)if(n){if(n instanceof Array)return"array";if(n instanceof Object)return I;if((E=Object.prototype.toString.call(n),"[object Window]")==E)return"object";if("[object Array]"==E||"number"==typeof n.length&&"undefined"!=typeof n.splice&&"undefined"!=typeof n.propertyIsEnumerable&&!n.propertyIsEnumerable("splice"))return"array";if("[object Function]"==E||"undefined"!=typeof n.call&&"undefined"!=typeof n.propertyIsEnumerable&&!n.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==I&&"undefined"==typeof n.call)return"object";return I},m=function(n,E){n.N.splice(0,0,E)},Lv=function(n,E){return(n=n.create().shift(),E.S).create().length||E.v.create().length||(E.v=void 0,E.S=void 0),n},P=function(n,E,I,e,X,L){if(!E.U){if(3<(I=(0==((L=void 0,I&&I[0]===r)&&(n=I[1],L=I[2],I=void 0),X=Q(19,E),X).length&&(e=Q(117,E)>>3,X.push(n,e>>8&255,e&255),void 0!=L&&X.push(L&255)),n="",I&&(I.message&&(n+=I.message),I.stack&&(n+=":"+I.stack)),Q(504,E)),I)){E.L=(L=(n=(I-=(n=n.slice(0,(I|0)-3),n.length|0)+3,EK(n)),E.L),E);try{G(E,446,f(2,n.length).concat(n),9)}finally{E.L=L}}Z(504,E,I)}},b=function(n,E,I){n[Z(I,E,n),ev]=2796},Tl=function(n,E){(E.push(n[0]<<24|n[1]<<16|n[2]<<8|n[3]),E.push(n[4]<<24|n[5]<<16|n[6]<<8|n[7]),E).push(n[8]<<24|n[9]<<16|n[10]<<8|n[11])},gN=function(n,E,I,e){G(n,(I=(e=a(n),a(n)),I),f(E,Q(e,n)))},Xn=function(n,E){if(E=(n=q.trustedTypes,null),!n||!n.createPolicy)return E;try{E=n.createPolicy("bg",{createHTML:x0,createScript:x0,createScriptURL:x0})}catch(I){q.console&&q.console.error(I.message)}return E},aa=function(n,E,I,e){return(e=O[n.substring(0,3)+"_"])?e(n.substring(3),E,I):wN(E,n)},DU=function(n,E,I,e){try{e=n[((E|0)+2)%3],n[E]=(n[E]|0)-(n[((E|0)+1)%3]|0)-(e|0)^(1==E?e<<I:e>>>I)}catch(X){throw X;}},Q=function(n,E){if(void 0===(E=E.K[n],E))throw[r,30,n];if(E.value)return E.create();return E.create(1*n*n+-43*n+-56),E.prototype},ZU=function(n,E,I,e,X,L){for(e=(L=(I=((X=a((E=n[zl]||{},n)),E.TW=a(n),E).P=[],n.L==n)?(z(n)|0)-1:1,a(n)),0);e<I;e++)E.P.push(a(n));for(E.A=Q(X,n);I--;)E.P[I]=Q(E.P[I],n);return E.Kv=Q(L,n),E},Mi=function(n,E,I,e,X){G(n,(((e=Q((X=a((e=(I=E&4,E&=3,a(n)),n)),e),n),I)&&(e=EK(""+e)),E)&&G(n,X,f(2,e.length)),X),e)},EK=function(n,E,I,e,X){for(X=E=(n=n.replace(/\\r\\n/g,"\\n"),I=[],0);X<n.length;X++)e=n.charCodeAt(X),128>e?I[E++]=e:(2048>e?I[E++]=e>>6|192:(55296==(e&64512)&&X+1<n.length&&56320==(n.charCodeAt(X+1)&64512)?(e=65536+((e&1023)<<10)+(n.charCodeAt(++X)&1023),I[E++]=e>>18|240,I[E++]=e>>12&63|128):I[E++]=e>>12|224,I[E++]=e>>6&63|128),I[E++]=e&63|128);return I},O,a=function(n,E){if(n.S)return Lv(n.v,n);return(E=h(8,n,true),E&128)&&(E^=128,n=h(2,n,true),E=(E<<2)+(n|0)),E},A=function(n,E){E.T=((E.T?E.T+"~":"E:")+n.message+":"+n.stack).slice(0,2048)},mC=function(n,E,I,e,X){if((I=n[0],I)==N)E.l=25,E.u(n);else if(I==k){X=n[1];try{e=E.T||E.u(n)}catch(L){A(L,E),e=E.T}X(e)}else if(I==uN)E.u(n);else if(I==l)E.u(n);else if(I==WU){try{for(e=0;e<E.C.length;e++)try{X=E.C[e],X[0][X[1]](X[2])}catch(L){}}catch(L){}(0,n[1])(function(L,T){E.o(L,true,T)},(E.C=[],function(L){(m(E,(L=!E.N.length,[cU])),L)&&c(E,true,false)}))}else{if(I==H)return e=n[2],Z(264,E,n[6]),Z(98,E,e),E.u(n);I==cU?(E.F=[],E.K=null,E.X=[]):I==ev&&"loading"===q.document.readyState&&(E.h=function(L,T){function g(){T||(T=true,L())}q.document.addEventListener("DOMContentLoaded",(T=false,g),F),q.addEventListener("load",g,F)})}},F={passive:true,capture:true},wN=function(n,E){return n(function(I){I(E)}),[function(){return E}]},x0=function(n){return n},sK=function(n,E){Z(169,n,(n.mu.push(n.K.slice()),n.K[169]=void 0,E))},v=function(n,E,I,e,X,L,T,g,x){if(I.L=(T=(x=(g=(L=0<(E||I.I++,I).W&&I.R&&I.rY&&1>=I.B&&!I.S&&!I.h&&(!E||1<I.J-e)&&0==document.hidden,(X=4==I.I)||L)?I.Z():I.G,g)-I.G,x>>14),I.H&&(I.H^=T*(x<<2)),I.j+=T,T)||I.L,X||L)I.I=0,I.G=g;if(!L||g-I.Y<I.W-(n?255:E?5:2))return false;return I.h=((Z((n=Q(E?117:169,(I.J=e,I)),169),I,I.O),I).N.push([uN,n,E?e+1:e]),B),true},Ia=function(n,E,I,e){for(;E.N.length;){e=(E.h=null,E).N.pop();try{I=mC(e,E)}catch(X){A(X,E)}if(n&&E.h){n=E.h,n(function(){c(E,true,true)});break}}return I},Q6=function(n,E,I,e){return Q((Z(169,(rN(n,(e=Q(169,n),n.X&&e<n.O?(Z(169,n,n.O),sK(n,E)):Z(169,n,E),I)),n),e),98),n)},bN=function(n,E,I,e,X){for(e=(I.xv=((I.uV=((I.aN=I[k],I).zW=V6,tI),I).Lv=Y0({get:function(){return this.concat()}},I.g),J[I.g](I.Lv,{value:{value:{}}})),0),X=[];128>e;e++)X[e]=String.fromCharCode(e);c(I,true,(m(I,(m(I,(m(I,(Z(6,(b(function(L,T,g,x,w,D){v(false,true,L,T)||(w=ZU(L.L),T=w.P,D=w.A,g=T.length,x=w.Kv,w=w.TW,T=0==g?new x[D]:1==g?new x[D](T[0]):2==g?new x[D](T[0],T[1]):3==g?new x[D](T[0],T[1],T[2]):4==g?new x[D](T[0],T[1],T[2],T[3]):2(),Z(w,L,T))},(Z(446,I,R((b(function(L,T,g,x,w,D){if(!v(true,true,L,T)){if((D=(w=Q((T=(g=(D=a(L),T=a(L),a(L)),w=a(L),Q)(T,L),w),L),Q(D,L)),L=Q(g,L),"object")==iN(D)){for(x in g=[],D)g.push(x);D=g}for(x=0,g=D.length,L=0<L?L:1;x<g;x+=L)T(D.slice(x,(x|0)+(L|0)),w)}},I,((b(function(L){nv(4,L)},(b(function(L,T,g,x,w,D,M){for(x=(T=(g=Q((D=a(L),w=dN(L),M="",157),L),g.length),0);w--;)x=((x|0)+(dN(L)|0))%T,M+=X[g[x]];Z(D,L,M)},I,(Z(409,(I.cV=(Z(373,I,[160,(b(function(L,T,g,x){Z((x=Q((g=(T=a((g=(x=a(L),a(L)),L)),Q(g,L)),x),L),T),L,x[g])},(b(function(L,T,g,x,w){Z((w=(g=(g=a((x=(T=a(L),a(L)),L)),w=a(L),Q)(g,L),x=Q(x,L),Q(w,L)),T),L,PU(x,w,L,g))},I,(b(function(L,T,g,x,w){for(x=(w=(g=dN((T=a(L),L)),[]),0);x<g;x++)w.push(z(L));Z(T,L,w)},I,(b(function(L){gN(L,1)},(b(function(L,T,g,x){!v(false,true,L,T)&&(T=ZU(L),x=T.Kv,g=T.A,L.L==L||g==L.S0&&x==L)&&(Z(T.TW,L,g.apply(x,T.P)),L.G=L.Z())},(b(function(L,T,g,x){Z((g=Q((T=a((g=a(L),L)),x=Q(T,L),g),L),T),L,x+g)},(Z(19,I,(b(function(L,T,g){Z((g=(T=a(L),a(L)),T=Q(T,L),T=iN(T),g),L,T)},I,(b(function(L,T,g,x){Z((T=a((x=(g=a(L),a(L)),L)),T),L,Q(g,L)||Q(x,L))},I,(b(function(L,T){L=(T=a(L),Q)(T,L.L),L[0].removeEventListener(L[1],L[2],F)},(b(function(L,T,g){v(false,true,L,T)||(T=a(L),g=a(L),Z(g,L,function(x){return eval(x)}(Gl(Q(T,L.L)))))},I,(b(function(L){Mi(L,3)},I,(b(function(L,T,g){0!=(g=(g=(T=a(L),a(L)),Q)(g,L),Q(T,L))&&Z(169,L,g)},(Z(426,I,(b(function(L,T,g,x,w){x=(T=Q((g=(w=(T=(x=a(L),g=a(L),a)(L),a(L)),Q(g,L)),w=Q(w,L),T),L),Q)(x,L.L),0!==x&&(T=PU(T,1,L,w,x,g),x.addEventListener(g,T,F),Z(426,L,[x,g,T]))},(Z((b(function(L){gN(L,4)},(b(function(L,T,g,x){Z((x=(T=(x=a(L),a(L)),g=a(L),T=Q(T,L),Q(x,L)),g),L,x in T|0)},(Z(258,(Z(504,(Z(98,I,(b(function(){},I,(b(function(L,T,g,x){Z((T=z((x=a(L),L)),g=a(L),g),L,Q(x,L)>>>T)},I,(b(function(L,T,g){Z((g=(T=a(L),a(L)),g),L,""+Q(T,L))},I,(b(function(L,T){sK((T=Q(a(L),L),L.L),T)},I,(b(function(L,T,g,x,w,D,M,W,t,p,V,u){function U(Y,d){for(;g<Y;)u|=z(L)<<g,g+=8;return u>>=(d=u&(1<<(g-=Y,Y))-1,Y),d}for(w=(x=(g=(V=a(L),u=0),M=(U(3)|0)+1,U(5)),[]),D=T=0;D<x;D++)W=U(1),w.push(W),T+=W?0:1;for(p=(D=(T=((T|0)-1).toString(2).length,0),[]);D<x;D++)w[D]||(p[D]=U(T));for(T=0;T<x;T++)w[T]&&(p[T]=a(L));for(t=[];M--;)t.push(Q(a(L),L));b(function(Y,d,y6,C,S){for(C=(y6=[],S=[],0);C<x;C++){if(d=p[C],!w[C]){for(;d>=S.length;)S.push(a(Y));d=S[d]}y6.push(d)}(Y.S=fv(t.slice(),Y),Y).v=fv(y6,Y)},L,V)},I,(b(function(L,T,g,x){if(x=L.mu.pop()){for(g=z(L);0<g;g--)T=a(L),x[T]=L.K[T];L.K=(x[504]=(x[19]=L.K[19],L).K[504],x)}else Z(169,L,L.O)},(b(function(L){Mi(L,4)},I,(b(function(L,T,g,x){(x=(g=a((T=a(L),L)),a(L)),L.L==L)&&(g=Q(g,L),x=Q(x,L),Q(T,L)[g]=x,226==T&&(L.i=void 0,2==g&&(L.H=h(32,L,false),L.i=void 0)))},I,(b(function(L,T,g,x){T=(g=a((T=(x=a(L),a(L)),L)),x=Q(x,L),Q)(T,L),Z(g,L,+(x==T))},I,(Z(90,((Z(117,(((I.l=25,(I.T=void 0,(e=window.performance||{},(I.v=(I.XU=0,void 0),I.K=[],I).rY=(I.X=[],(I.O=0,I.W=0,I).N=[],I.H=(I.mu=[],I.R=false,void 0),I.B=0,false),I).S=void 0,I.F=[],I).j=(I.Y=0,I.V=void 0,I.G=0,I.D=0,1),I).pv=(I.J=8001,(I.I=void 0,I.h=(I.S0=function(L){this.L=L},null),I.L=(I.C=[],I),I).U=false,(I.i=void 0,e).timeOrigin||(e.timing||{}).navigationStart||0),Z)(169,I,0),I),0),I).Yv=0,I),[]),111)),292)),Z(184,I,353),170)),I),382),286)),390)),281)),7)),326)),{})),I),2048),I),[0,0,0]),I),44),I),84),207),I,q),I),396),0)),I),323),177)),442)),I),81),376)),433)),[])),I),14),I),222),I),347),287)),50)),I),123),0),0]),0),I),I),205)),I),432),I).vV=0,215)),4))),I),228),I),0),[ev])),[l,n])),[WU,E])),true))},R=function(n,E){for(E=[];n--;)E.push(255*Math.random()|0);return E},f=function(n,E,I,e){for(e=(I=(n|0)-1,[]);0<=I;I--)e[(n|0)-1-(I|0)]=E>>8*I&255;return e},Y0=function(n,E){return J[E](J.prototype,{splice:n,floor:n,pop:n,stack:n,document:n,call:n,length:n,prototype:n,parent:n,console:n,propertyIsEnumerable:n,replace:n})},Z=function(n,E,I){if(169==n||117==n)E.K[n]?E.K[n].concat(I):E.K[n]=fv(I,E);else{if(E.U&&226!=n)return;373==n||446==n||90==n||19==n||258==n?E.K[n]||(E.K[n]=pv(118,E,I,n)):E.K[n]=pv(81,E,I,n)}226==n&&(E.H=h(32,E,false),E.i=void 0)},qi=function(n,E,I,e){function X(){}return{invoke:(e=aa((I=void 0,n),function(L){X&&(E&&B(E),I=L,X(),X=void 0)},!!E)[0],function(L,T,g,x){function w(){I(function(D){B(function(){L(D)})},g)}if(!T)return T=e(g),L&&L(T),T;I?w():(x=X,X=function(){(x(),B)(w)})})}},OK=function(n,E,I){if(3==n.length){for(I=0;3>I;I++)E[I]+=n[I];for(I=[13,8,13,12,16,(n=0,5),3,10,15];9>n;n++)E[3](E,n%3,I[n])}},K=function(n,E,I){I=this;try{bN(E,n,this)}catch(e){A(e,this),n(function(X){X(I.T)})}},dN=function(n,E){return E=z(n),E&128&&(E=E&127|z(n)<<7),E},UK=function(n,E,I,e,X){for(X=(I=I[e=I[2]|0,3]|0,0);14>X;X++)n=n>>>8|n<<24,n+=E|0,n^=e+2298,I=I>>>8|I<<24,E=E<<3|E>>>29,I+=e|0,I^=X+2298,E^=n,e=e<<3|e>>>29,e^=I;return[E>>>24&255,E>>>16&255,E>>>8&255,E>>>0&255,n>>>24&255,n>>>16&255,n>>>8&255,n>>>0&255]},hI=function(n,E,I){return E.o(function(e){I=e},false,n),I},z=function(n){return n.S?Lv(n.v,n):h(8,n,true)},jv=function(n,E){return E[n]<<24|E[(n|0)+1]<<16|E[(n|0)+2]<<8|E[(n|0)+3]},rN=function(n,E,I,e,X,L){if(!n.T){n.B++;try{for(X=(L=0,n.O),e=void 0;--E;)try{if(I=void 0,n.S)e=Lv(n.S,n);else{if((L=Q(169,n),L)>=X)break;e=Q((Z(117,n,L),I=a(n),I),n)}v(false,false,(e&&e[cU]&2048?e(n,E):P(0,n,[r,21,I]),n),E)}catch(T){Q(184,n)?P(22,n,T):Z(184,n,T)}if(!E){if(n.gY){rN(n,(n.B--,168668240895));return}P(0,n,[r,33])}}catch(T){try{P(22,n,T)}catch(g){A(g,n)}}n.B--}},G=function(n,E,I,e,X,L){if(n.L==n)for(L=Q(E,n),446==E?(E=function(T,g,x,w){if((w=(x=L.length,(x|0)-4>>3),L.q7)!=w){g=[0,(w=(w<<3)-(L.q7=w,4),0),X[1],X[2]];try{L.O$=UK(jv((w|0)+4,L),jv(w,L),g)}catch(D){throw D;}}L.push(L.O$[x&7]^T)},X=Q(258,n)):E=function(T){L.push(T)},e&&E(e&255),n=0,e=I.length;n<e;n++)E(I[n])},fv=function(n,E,I){return((I=J[E.g](E.xv),I)[E.g]=function(){return n},I).concat=function(e){n=e},I},h=function(n,E,I,e,X,L,T,g,x,w,D,M,W,t){if((g=Q(169,E),g)>=E.O)throw[r,31];for(w=(e=(D=E.aN.length,n),0),x=g;0<e;)T=x>>3,t=x%8,W=8-(t|0),L=E.X[T],W=W<e?W:e,I&&(X=E,X.i!=x>>6&&(X.i=x>>6,M=Q(226,X),X.V=UK(X.i,X.H,[0,0,M[1],M[2]])),L^=E.V[T&D]),x+=W,w|=(L>>8-(t|0)-(W|0)&(1<<W)-1)<<(e|0)-(W|0),e-=W;return Z(169,E,(I=w,(g|0)+(n|0))),I},q=this||self,B=q.requestIdleCallback?function(n){requestIdleCallback(function(){n()},{timeout:4})}:q.setImmediate?function(n){setImmediate(n)}:function(n){setTimeout(n,0)},PU=function(n,E,I,e,X,L){function T(){if(I.L==I){if(I.K){var g=[H,n,e,void 0,X,L,arguments];if(2==E)var x=c(I,(m(I,g),false),false);else if(1==E){var w=!I.N.length;(m(I,g),w)&&c(I,false,false)}else x=mC(g,I);return x}X&&L&&X.removeEventListener(L,T,F)}}return T},pv=function(n,E,I,e,X,L,T,g){return((L=(T=n&(X=$0,I=[89,-43,5,1,4,91,I,75,51,-20],7),J[E.g](E.Lv)),L)[E.g]=function(x){T+=6+7*n,g=x,T&=7},L).concat=function(x){return(g=(x=(x=e%16+1,-40*e*e*g-x*g- -2240*g+I[T+51&7]*e*x+40*g*g+T+1*e*e*x- -1720*e*g+(X()|0)*x),void 0),x=I[x],I[(T+13&7)+(n&2)]=x,I)[T+(n&2)]=-43,x},L},zl=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),cU=((K.prototype.gY=false,K.prototype.dY=void 0,K).prototype.s="toString",K.prototype.BV=void 0,[]),H=[],l=[],k=[],ev=[],WU=[],r={},N=[],uN=[],$0=((y=(((Tl,function(){})(R),DU,function(){})(OK),K.prototype.g="create",K.prototype),y).bV=function(n,E,I){return n^((E=((E^=E<<13,E^=E>>17,E)^E<<5)&I)||(E=1),E)},void 0),J=(y.o=(y.HV=function(){return Math.floor(this.D+(this.Z()-this.Y))},((y.GW=function(n,E,I,e,X,L){for(X=(e=L=0,[]);L<n.length;L++)for(I=I<<E|n[L],e+=E;7<e;)e-=8,X.push(I>>e&255);return X},y).Z=(y.he=function(){return Math.floor(this.Z())},(window.performance||{}).now)?function(){return this.pv+window.performance.now()}:function(){return+new Date},y).PV=function(n,E,I,e,X){for(e=X=0;X<n.length;X++)e+=n.charCodeAt(X),e+=e<<10,e^=e>>6;return X=new Number((n=(e+=e<<3,e^=e>>11,e+(e<<15)>>>0),n&(1<<E)-1)),X[0]=(n>>>E)%I,X},function(n,E,I,e,X){if(I="array"===iN(I)?I:[I],this.T)n(this.T);else try{e=[],X=!this.N.length,m(this,[N,e,I]),m(this,[k,n,e]),E&&!X||c(this,E,true)}catch(L){A(L,this),n(this.T)}}),r).constructor;(K.prototype.u=function(n,E){return $0=function(){return n==E?-56:-98},E={},n={},function(I,e,X,L,T,g,x,w,D,M,W,t,p,V,u){n=(t=n,E);try{if(e=I[0],e==l){p=I[1];try{for(x=(u=(V=[],L=0,atob(p)),0);L<u.length;L++)T=u.charCodeAt(L),255<T&&(V[x++]=T&255,T>>=8),V[x++]=T;Z(226,this,(this.O=(this.X=V,this).X.length<<3,[0,0,0]))}catch(U){P(17,this,U);return}rN(this,8001)}else if(e==N)I[1].push(Q(373,this).length,Q(504,this),Q(446,this).length,Q(90,this).length),Z(98,this,I[2]),this.K[67]&&Q6(this,Q(67,this),8001);else{if(e==k){(w=(V=I[2],f(2,(Q(373,this).length|0)+2)),X=this.L,this).L=this;try{W=Q(19,this),0<W.length&&G(this,373,f(2,W.length).concat(W),10),G(this,373,f(1,this.j),109),G(this,373,f(1,this[k].length)),u=0,u+=Q(6,this)&2047,u-=(Q(373,this).length|0)+5,D=Q(446,this),4<D.length&&(u-=(D.length|0)+3),0<u&&G(this,373,f(2,u).concat(R(u)),15),4<D.length&&G(this,373,f(2,D.length).concat(D),156)}finally{this.L=X}if(g=((x=R(2).concat(Q(373,this)),x[1]=x[0]^6,x)[3]=x[1]^w[0],x[4]=x[1]^w[1],this).N7(x))g="!"+g;else for(u=0,g="";u<x.length;u++)M=x[u][this.s](16),1==M.length&&(M="0"+M),g+=M;return Q(((Z(504,this,((L=g,Q)(373,this).length=V.shift(),V.shift())),Q(446,this)).length=V.shift(),90),this).length=V.shift(),L}if(e==uN)Q6(this,I[1],I[2]);else if(e==H)return Q6(this,I[1],8001)}}finally{n=t}}}(),K.prototype.yC=0,K.prototype).N7=function(n,E,I,e){if(I=window.btoa){for(e="",E=0;E<n.length;E+=8192)e+=String.fromCharCode.apply(null,n.slice(E,E+8192));n=I(e).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else n=void 0;return n},K.prototype.Z4=0;var V6,tI=/./,AI=(K.prototype[WU]=[0,0,1,1,0,1,1],l.pop.bind(K.prototype[N])),Gl=function(n,E){return(E=Xn())&&1===n.eval(E.createScript("1"))?function(I){return E.createScript(I)}:function(I){return""+I}}(((V6=Y0({get:AI},(tI[K.prototype.s]=AI,K.prototype.g)),K).prototype.iV=void 0,q));(O=q.botguard||(q.botguard={}),40<O.m)||(O.m=41,O.bg=qi,O.a=aa),O.kDL_=function(n,E,I){return[(I=new K(E,n),function(e){return hI(e,I)})]};}).call(this);'));
}).call(this);
#5 JavaScript::Eval (size: 22) - SHA256: 355b9b382781cde432ccca7627a8fdecad5040be2910428d5fc5b4b57fed949b
0,
function(L) {
    nv(1, L)
}

Executed Writes (0)


HTTP Transactions (119)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9425
Expires: Mon, 14 Nov 2022 00:30:24 GMT
Date: Sun, 13 Nov 2022 21:53:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5917
Cache-Control: max-age=137799
Date: Sun, 13 Nov 2022 21:53:19 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 12:09:58 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3999
Expires: Sun, 13 Nov 2022 22:59:58 GMT
Date: Sun, 13 Nov 2022 21:53:19 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 13 Nov 2022 21:44:10 GMT
cache-control: public,max-age=3600
age: 549
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4736bac84ca28f2b1e961159fb4ea098
Sha1:   1319612979f53896fcfeacd4215c2715d4951e4c
Sha256: 5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 4YWZlLWpWlMDHFInSKUKuitwjSS5/ZyuZsxKJdI3MJTkg3Zl4U/Ynexwqhn5EL9fTc8TrWB41WY=
x-amz-request-id: 7YP7W2NCR3BN46Q5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 13 Nov 2022 21:13:35 GMT
age: 2384
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 13 Nov 2022 21:53:19 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: www.claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         151.101.130.159
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Connection: keep-alive
Content-Length: 162
Location: https://claimwell.com/
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: ogapwyqe2r
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Sun, 13 Nov 2022 21:53:19 GMT
X-Served-By: cache-bma1663-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1668376399.996087,VS0,VE361
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 13 Nov 2022 21:25:00 GMT
cache-control: public,max-age=3600
age: 1699
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5041
Cache-Control: max-age=131854
Date: Sun, 13 Nov 2022 21:53:19 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 10:30:53 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yT2ylWKZfwHjqcW27d52dw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.148.77.40
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hplk0Nq6ZVV4nJnviXSi4M3AvuU=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8307
Expires: Mon, 14 Nov 2022 00:11:48 GMT
Date: Sun, 13 Nov 2022 21:53:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8307
Expires: Mon, 14 Nov 2022 00:11:48 GMT
Date: Sun, 13 Nov 2022 21:53:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8307
Expires: Mon, 14 Nov 2022 00:11:48 GMT
Date: Sun, 13 Nov 2022 21:53:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8307
Expires: Mon, 14 Nov 2022 00:11:48 GMT
Date: Sun, 13 Nov 2022 21:53:21 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 21:45:57 GMT
age: 444
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11715
Md5:    cd5bdc050716bb76afe8090fc81617e7
Sha1:   5109c156b180727767fc03c411190ccc0d3fb5fc
Sha256: 9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0f558ca-3fcd-40ca-bb1c-ef126918959d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4122
x-amzn-requestid: 9340162b-fc1e-4f3d-a45e-8ebd9a4875e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqHqxoAMFzfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-25a4e62a6f8e87d103e35953;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hmlaoE2J_B_cu-dW_vYP1UWAgnGKgjOtzdNsNfydANBkuc5q4L6_HA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:04:43 GMT
age: 85718
etag: "91e8debd93ce098249d973807859993bd19bff62"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4122
Md5:    69f064e6ea676998a7371ceb25a310ed
Sha1:   91e8debd93ce098249d973807859993bd19bff62
Sha256: 2b12427099bccbdfaeb01104ce99185f91846f7112a4cf201481a300e1851e8a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11187
x-amzn-requestid: 475229e1-bbb5-43a0-8733-1140a99b6b6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIaqFFrIAMF7KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364baaa-4261a60e57ae0c4d7a62e5e9;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:09:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JN1YNJmiZpeJsUVH5sQhYw2rZbvvzxVrt2IgDxHro9z3CfcFeVCGg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 06:02:58 GMT
age: 57023
etag: "399ce32b1fdcdef9061bddb840663f35e39b919a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11187
Md5:    4f181df0e475c123b46f016d3c0bbaa5
Sha1:   399ce32b1fdcdef9061bddb840663f35e39b919a
Sha256: ed9ba753f718903cd997c027f58b63f41e32107367b22b03f964d7eecdf9ba16
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a09e7de-c2b9-4cf4-a032-cdce1be83c46.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7394
x-amzn-requestid: 78860ce6-f1ce-40a6-a901-3630dcdd6c3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bekDRHb6oAMFU_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f4d47-1534ce03076a581f5721b4ba;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s7Qs5JcCh9H0SevsGfU4qw5PrtDxFPsa5o6HPXIuHHY7NzYcn8guAg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:54:29 GMT
age: 86332
etag: "32b8ed02d309d66ac642683470d5f799e22afeaf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7394
Md5:    bed1df7954a5380cf2c090a4a20e3035
Sha1:   32b8ed02d309d66ac642683470d5f799e22afeaf
Sha256: 7a4b252d81b5ee8a8904aeb572110e78d5ecc3e80c11ead3158d863784bcbff1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa23e03e8-7a4b-473b-801f-39322d374478.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5149
x-amzn-requestid: 394f108e-48b9-4550-ab9f-5b4883792485
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIqfHOoIAMFlCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bb0f-648124d07e289043410f1dd0;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:11:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tW81M1o1m_OdLZJLg7dvgbaugRKYpHzHx-8R1g4YcGH74YnIquTuAQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 04:57:39 GMT
age: 60942
etag: "bf8de6c00f579baa320456bd0e79ab80978008bc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5149
Md5:    31a009393081c25d9afbde558a278ebf
Sha1:   bf8de6c00f579baa320456bd0e79ab80978008bc
Sha256: 90e81f6a10d3dbc56a45e9cfd65dbcd6bddf9e3ab526b4cca270bc2f26404950
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7867
x-amzn-requestid: e05d4978-6f46-4395-8121-4d969a222328
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqFWIoAMF01A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-4033150d0180e56e2965e26e;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDkJ7OIcS3FiDPufRTj5VtL5CMxbNN2o2Zq50QQ9UNeDw4uE4j3jrw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:54:29 GMT
age: 86332
etag: "a9922959c532dd26f21bda4f74ee1fa8496e862e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7867
Md5:    26249508ef18eac51cf62cf6e90339a4
Sha1:   a9922959c532dd26f21bda4f74ee1fa8496e862e
Sha256: 25075ef6337bae8e60412cdca98afbae6aca61d889aadce4cbad4a8522f4c4b1
                                        
                                            GET / HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
link: <https://claimwell.com/wp-json/>; rel="https://api.w.org/", <https://claimwell.com/wp-json/wp/v2/pages/3890>; rel="alternate"; type="application/json", <https://claimwell.com/>; rel=shortlink
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668376399.442299,VS0,VE2675
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 47352
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8489)
Size:   47352
Md5:    6102ac1da6a67ada31d6807ed0e826f8
Sha1:   be4a2a1b6fccde5a76e28239a7970d540957efed
Sha256: 9d18ae13d80d8f9d26a13172baf2821771c6eaf6af0046c094e1acd527e8941c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:50:53 GMT
etag: W/"635716cd-cc9c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.211801,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10150
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (52279)
Size:   10150
Md5:    327656c6623189eb218b3a05b4a7ac28
Sha1:   021dce514a3506e9fcb547cbbcb6ceb08df69c4b
Sha256: 6fd36dfdab0fd0e28e65ff4818da4820c6acb6e9597ca17ef6e931ba853cba29

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-d147"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.212077,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8578
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8578
Md5:    6dbc0f0655775fc588d0784519520f25
Sha1:   74db90c46ed1888978b16eb4d6505a64d2d29889
Sha256: 96cb95468d35fd20563225b3838ab15c7a12a18f03e8b87d1ce0235b6d722dfb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/css/global.css?ver=1666651795 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-656"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.212651,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1621)
Size:   321
Md5:    e42d16a433ebd4cfc77d6fb73dfaff9c
Sha1:   701b9f69df90a90570e72da552218fe9695cdf13
Sha256: 6eaa3417104d1fe73f61c14b4f46e5663b7b2a3babd76109ec504681ae280f00
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.213416,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   13906
Md5:    1047dd6779111ec73736abd71a40fef9
Sha1:   e08643922ce9a1a488f2a72c0341807f59f7528e
Sha256: d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf
                                        
                                            GET /wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-308"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.213951,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 335
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   335
Md5:    844db2405eae764da7a0eff19010ea8e
Sha1:   1fffb2a992d9fa84f0ea5a7afcbbdefbc59e238c
Sha256: 6421a7f673a09c660f6de4c37a4ac770239bac9ad46b87c75fdee466f09553c8
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-35ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.214586,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 967
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   967
Md5:    85c186d70976153b68df9fac46944882
Sha1:   ffc8003843cfdb2e6062cf4289d8db213b7497c7
Sha256: 519b04684c2ced5330630bdf9a688c3dfb26c3a9677064a3384c49cc224c2d02
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-27687"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.215188,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23565
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   23565
Md5:    3c3a7fde2c8c53f39bc2291f6abf140d
Sha1:   73ec7f561448784f9776dd954b7e9e0b8b8b82a5
Sha256: da82ebd0bf834cfa45fc99db134763c67f27c4c756201288ae52ea686c4c18df

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-d69"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.215712,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 876
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3432)
Size:   876
Md5:    1485a50ba7eb9b0552c47212ac9e1f8d
Sha1:   20114142c5961b11782d0473d7eddbb5ea2fe857
Sha256: 036dc37c7c15dd4c5666eb283a674fe5eab437db700916680cdc59082b40810e
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-4b4f"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.216857,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4343
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19233)
Size:   4343
Md5:    604fd8fa6bb661c05803395e60da945e
Sha1:   5026347d7d843b0cf1d969674dcce39fa798f1f6
Sha256: 1cde42ac7a1ff03a443a2ab4d73fefc03c962aea0f9f3745256d9f3eef2d1d8b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-465.css?ver=1667319843 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:24:03 GMT
etag: W/"63614823-6be"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.219843,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 473
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1726), with no line terminators
Size:   473
Md5:    2c31fb561e68949df39926d64829cbc0
Sha1:   1708a86fd4b7a328222cc257e0152a4b4c52acd4
Sha256: 5fbd8f2754092f0c96ddf8c4df98a2f4b303ef07fa7cb3f197d1b0a195127847
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-684e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.219755,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4632
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26516)
Size:   4632
Md5:    374f31e96b90b8ae2792847d6f03ad7a
Sha1:   70735fd696d11f13de395e43c81b026d9c86528e
Sha256: 1192a2e289e37356ef9077427b1cd1ca3b950dd95f163459bc9c16f679989088

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-78bee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.219807,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 53064
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   53064
Md5:    43cb961ce14b870c73851b62422e1969
Sha1:   796c81ab818410e4f123d7791c869bb4f091c5a3
Sha256: 6abf269f3316b1f09660d9408aafd7601f07d987ea20156fe7f1db5396745ed4
                                        
                                            GET /wp-content/uploads/elementor/css/post-3890.css?ver=1667319926 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:25:26 GMT
etag: W/"63614876-c13b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.219956,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4867
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (49467), with no line terminators
Size:   4867
Md5:    9dae52c44237edf9b84b46bff73adc4c
Sha1:   97b3af59ccef18bd6674adcf61b285ff1b29f8f0
Sha256: ee1a695e0b5a07871958b3bd1b53aa575fcac14cd0a3a88fe3904c96af0c8285

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-13c18"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.220264,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10454
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   10454
Md5:    66108675e6ad3f63704e02654048874c
Sha1:   14c327d135aab85d7a9e0ab0b5873083eca7f0d0
Sha256: f0c5bd1483c4986014973afd3f1fbcb8aaf750a4b560608c7cb8e6a06efd5659

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-127a4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.220901,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9576
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   9576
Md5:    eedfe054bcb463863781057ab6f69abb
Sha1:   448c2e7bab71dc8312c51536855e702b0eb9c515
Sha256: 88d7bd229f33e561df4a16846334228f0183334ab25813ee8022bd4fdb045867

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-4c6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.222006,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 456
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   456
Md5:    ed50d0b8f686c12f99af00f219a76b85
Sha1:   fab2c67ea39365dde11acbeda939187db4eedb8b
Sha256: 98c0713ed54c191d8a0868b6a6f103b133a81c2593758ed71cabcbb700423106

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:26:21 GMT
etag: W/"636148ad-85b2"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.223414,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3119
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11072)
Size:   3119
Md5:    925a76356addac87430f5bbb1a45a575
Sha1:   cf44e04548456d25eb9af9d884a56c072eb1d468
Sha256: e4d6e25f69067d9a972e15e1e39f49b8641d9b236faf99237298f3bef26d115f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e7d0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.219904,VS0,VE5
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14284
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   14284
Md5:    25b37bc500e807c9f09d41f36d06a3ad
Sha1:   008541e3bc221a9e0cfa873248ee4dc05b563d8e
Sha256: 1033a30450338e77b9c322f9ae9ad68b50f801272bef293933d6135f9126aa13

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-7917"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.224170,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7780
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   7780
Md5:    73e38ca778aab03265ab5c8c5922b3d3
Sha1:   d55aa22c1227719a6a5239b5f2c0251fc563d7e0
Sha256: 0d49cde3035dbb3baf30ac0e801b8a21175072224f0192675dabeda3b7159814

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/css/app.css?ver=1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-44269"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.224923,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 54340
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64784)
Size:   54340
Md5:    b2a3c4cd86a0bb706664510786d694e9
Sha1:   a7a2630965f395757ed0103d2567277947475b03
Sha256: 70f9fc283cde3260f98401c7aea5dafa6dba243a6b9f6fa6131f611a430c3f27
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.237544,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 311
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (489)
Size:   311
Md5:    c58b23e189e3c7cf45cb7014e704d05b
Sha1:   e6850968edf763aafe862a226a0a3380f4827488
Sha256: 6ba81ab0941a10e6bb1a48b83f30ddaedba974c6609bec7210d9a27e4b3ef38d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.237501,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   34060
Md5:    22b0253c0ecce70e41e296d176b0d972
Sha1:   a161c363d2092739db21bfeb2cf23c980ec71580
Sha256: 181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e238"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.237623,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13975
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57726)
Size:   13975
Md5:    2f0b07689b34366c1b04e9c84cc2b54c
Sha1:   0a49469573f7add891658c75253a4b68953925e5
Sha256: 6bddc997475f4020265128478b59384b44792a0f986d6a04cd79722b99f2f55f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.237587,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 312
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (483)
Size:   312
Md5:    1a5f57a3c279130e5385dc23c63480ca
Sha1:   495d0b9326b42d552932276b815779bbc09d7083
Sha256: 6f5b533f1629e50e5fe7e2e9ede37072b0f9d65e439d0d56d43daa4373d1d745

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2a5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.237562,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 310
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (491)
Size:   310
Md5:    c62d5dcd85da44a1dfb134f50da09157
Sha1:   7ad9087d70136a8e584331db02048d13f8b95e82
Sha256: ab305466b8f11236d52c021823260b82c195c627e6323e7079a8a7c733335f03
                                        
                                            GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-135d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.269949,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2252
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4918)
Size:   2252
Md5:    9f4f8167378b3647579db7fdcd32222c
Sha1:   f39aed2f852126793181def8995a2f775b01e909
Sha256: 6e6e245457169f9ef416988e1569a55f965c750dda363ae567bd285a076ea6c9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-80b3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.269886,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 11599
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32907)
Size:   11599
Md5:    85b9957cfe29d6b964ee7d5fe7a721e5
Sha1:   2a7ceee62c538ed2cf691c1a63c1b39e86f45642
Sha256: eb64e609ea8c352fee372f74c1cea32033a25051f1d3fd41d0dd57a6f199f786

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-1472"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.269956,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2439
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5191)
Size:   2439
Md5:    9a1f831972cf36eee6e2db70b9700bc4
Sha1:   0b5cbaed4bbae8e325a10b66afb502d025f7a297
Sha256: fdfd0da5acc22a7dae57774bbee36b0c85ba3c7a6f4fab18a1773ccb1e17fe89
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-6272"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.269994,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7921
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25115)
Size:   7921
Md5:    980e80ed6ddbdc9807aea533c70bb286
Sha1:   5740cc3f4f32e6c07083b160e5e729ddca90b634
Sha256: 4a8490c04d4be66e5bb053e8f9483484cb5c798f93ef06f9f94aade11aa47533

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-2b02"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270129,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3261
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3261
Md5:    aa423480c0248f90c164e37b73c1b1a5
Sha1:   ceb372bc26ddb3bd72a3a3beb5f6bf8f91df15da
Sha256: d87417f4e43bd80bbe3f6ed9973ebe7b7e25c5d425b479e088f767099cb43d3b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/js/main.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-2a55"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270060,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3808
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   3808
Md5:    c72620fb8f97d6bcf2e405ed3e3e6ab7
Sha1:   eb51b8f6f793f0e19996870943f7a7933e2ee6a6
Sha256: 582b18057eb11108c5082817e9f3a6857afb6f6d7e76f92407a1d94df5e0b06d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2fa6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270191,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3281
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12198), with no line terminators
Size:   3281
Md5:    e7e06a56acbe48a5e94540829d446734
Sha1:   a62e3d7ea0dbd0a3e771f419377882aee5512e67
Sha256: 42ba07f11715edb58a365296c32ae85230bb28f164a34f561f295cbceb1f5981
                                        
                                            GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270011,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1946
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5477)
Size:   1946
Md5:    fcf12c7d3f5778470877aff26bdb3040
Sha1:   b8cc6b30eb49ef014651e6f22e4a33b74a3fde1e
Sha256: 2b6a1c6d97acd8b8f1460d8e4acbac8f911aa950c482ab794888f40c63fb2d6f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-1f4e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270238,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8014), with no line terminators
Size:   3000
Md5:    44cf56521abf6feb68df54afd572fba9
Sha1:   a5ba5bfd8c5fef35992d180830102c2e208713fb
Sha256: 8c5ab0acb7b0de7851ab139751ca2b8f2c3a042d1b74eeb593047199c0e5d0fb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270408,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4405
Md5:    24957bc8161f979c6e661f46fdc3974f
Sha1:   fa1237ffe8b3745baa78ac481239038e133fcc17
Sha256: 46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-1d211"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270101,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 35932
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   35932
Md5:    8fabaacc1c210aec94b2224eb0434878
Sha1:   54e630b5711d880f85b9640f04df89d9d200cef9
Sha256: a2f4874e50eee01e2623ed6f20737b3e9207627d45a5ba16977ccdedd65d96f3
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-4824"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270612,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2945
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10019)
Size:   2945
Md5:    6a41a891222b20ffa888a263dadd9541
Sha1:   0a60e8f24954286903a61455c3b5dee0aed7893e
Sha256: 66f99b0608e47e9e1ecd50287f529a11b830d7e561b52da7f697fd91d7995db0
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-709"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270044,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 766
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1801), with no line terminators
Size:   766
Md5:    d050f456fb3f3eca90330ceb0589fdb8
Sha1:   4ef5b7af377ec4750713019e9fd07a618805971e
Sha256: d8ff1d2961e2c14d53dc5c32541e9ee2cd0addd6aa84958d6f24a6bd3c3d8d2d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-3acf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270511,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4631
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14869)
Size:   4631
Md5:    499ded81ca80920c1b3521598e259548
Sha1:   d6b47dce6475ee2b47e16ee211efab0e65b665ca
Sha256: b7e9f78215fd2ffd092c2c5c456ade5e3f293b6411f6279caf40e3fb247b8fe1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-6384"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270168,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4154
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4154
Md5:    fcddc76226a5d9daa33fa13cfd81a0dc
Sha1:   8204598ef91c5dd506ea28b13b2ee1826b115b3d
Sha256: 439623cc1a6b45a494093b92c6a5ae0a85cb7e2bbb46f7573ddf9a89a8161e18
                                        
                                            GET /wp-content/uploads/essential-addons-elementor/eael-3890.js?ver=1631176832 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:58:08 GMT
etag: W/"63571880-838"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270233,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 868
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2104), with no line terminators
Size:   868
Md5:    bec8f4b34456c4c3dcbf4937bbda8d8a
Sha1:   7f2093800079cf133a01ed4bd2684328582ea59b
Sha256: 1bee1a4a3c209617ad7f3cf6170a5fba8357e4f70ad621423a8c534dc0e22714

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2020/12/RRE-Ventures.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:02:00 GMT
etag: W/"619c0548-1e6d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270723,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6770
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 900 x 600, 8-bit colormap, non-interlaced\012- data
Size:   6770
Md5:    ca7f4f0b097551d79d49369a5f034f1a
Sha1:   d3875cc8c88a254cc544fe0da10d4f9eea096376
Sha256: cfbe866f18aa9783cf6ee684d887e71292bff73f50fa73329a0a559a0bd621fc
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/uploads/2021/03/dollar-sign-circle.svg HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/svg+xml
                                        
last-modified: Mon, 22 Nov 2021 21:01:41 GMT
etag: W/"619c0535-5f5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.270444,VS0,VE10
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 801
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1525), with no line terminators
Size:   801
Md5:    e055afed172f07444a8754dd14ead516
Sha1:   3e6a2e9cb46e8f5ab04b1059b99ad8d04e43606e
Sha256: 5c5aaad0fbd414b6f7e5cd22ea20529c63ecd827c019f5675d6b1ff9de8e8205

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-194b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.302974,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2581
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6475), with no line terminators
Size:   2581
Md5:    cba765ca076cb13c7678f0293fb8a3da
Sha1:   98430a0a3db9c19a16f6940750a6738c4d00f962
Sha256: f68a3fba394baf3508e7987049a6037d9f3e212dc9698976df9fbeb5703379ab

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-4ac6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.303125,VS0,VE6
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7559
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Size:   7559
Md5:    2059fe073bfc62ce84fe8fc1f42d35a9
Sha1:   68038ff5383ffde15542f57782d7a53c8de8bb48
Sha256: 543dbc6a5dd60032fb9d74beef1f7ac5f6cee543b6422b1f0928b9001d050eb8
                                        
                                            GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-132e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.311292,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1736
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4875)
Size:   1736
Md5:    13d536181f99675ef7d13d91c86c24dd
Sha1:   c30ec279027b1dc05df149f3953b384f50a72a05
Sha256: 1192c8ec0e73df274d3ffb2302091f67d2a4fc15200a6fd138661dfd7cc2f222

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-27ee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.311938,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4059
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4059
Md5:    feb20fa17603ebf83bd29bb99298c82f
Sha1:   1944c6bf9ad5f4283fcb221ada39438b8528f5a2
Sha256: eeffaf3cad83f30cadd4a89d66fcc4ea8e929330625ab40c6ac8a651e41eb595

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-54a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.312026,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6308
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21624)
Size:   6308
Md5:    327334f1610e7beca3db87254e141ede
Sha1:   88aad29b5322ece8aa9c63c72d8a25e4744acf3c
Sha256: cecef52015c8fd37983e2e1afab16a577ebd4c1c0fbd6b073a58be6f43c46c52

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-50eb"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.312547,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7442
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8189)
Size:   7442
Md5:    7070cf6c839a09af2a84f926dd2f95e1
Sha1:   2ac5f6312b4cc85f39804d4a61eeb00c2cced58e
Sha256: ed584ebba9826c2d9fb5078ca275ce47d05b2a9a1f075e7493526fe7fe458c4c
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-21f91"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.312615,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 40188
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65280)
Size:   40188
Md5:    9ed258a936a3d2ce45e94a8db42f9d31
Sha1:   6165e240ceb0f3dffff99e006e4bde5a5039cc9e
Sha256: 2a21ec91e4a5790ad487670a13f80e62d6d17b6725d13d0e23c33e10ddda2311
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-a3c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.313274,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1163
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2620), with no line terminators
Size:   1163
Md5:    155e4f944ca10383b6595411b6dd9b73
Sha1:   7a350878d60b6574dc0b207ff5c40e9e1a833394
Sha256: 9b154543aa75cc39dced26c6e6cbc2e8f694299084b85c5ad35b489e3bcae14c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29ba"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.319414,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3713
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10544)
Size:   3713
Md5:    79154440db11a2fce12d7466816f540b
Sha1:   6936f61c5ec9b0fbb2c22f5b0360144200eee413
Sha256: f380628bae09ae5f189c9a3beadacd7e0f39606d086476bc21f76c8d69fef241
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-9e41"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.360945,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13240
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40474)
Size:   13240
Md5:    4f77ab858523d1d3443d76a569cea6d2
Sha1:   eebca9a6d6c00a7f0db1f14678e3d2598de09ab1
Sha256: 11109fd617951d02cbaccfd9cc2773f0161e41d34169102b330051d23d280f25
                                        
                                            GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-a884"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.391292,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14251
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43101)
Size:   14251
Md5:    cc1be579a6292ef0bfc7d812f432b738
Sha1:   5592e611fce34c3936a392d9a879476574569bf2
Sha256: 460826e1e23dda3d67c25eaa1ff89a4054f345cfdc60a6e6aecd433bdca1ba09
                                        
                                            GET /gtag/js?id=UA-207882829-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Nov 2022 21:53:22 GMT
expires: Sun, 13 Nov 2022 21:53:22 GMT
cache-control: private, max-age=900
last-modified: Sun, 13 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43680
Md5:    7946ae6e272e9198e8f3bad80b04a79a
Sha1:   0a5617aedd0a2e206e1ac87850528ef1b501293c
Sha256: 0ecc925a2b0eddbcc7b014ba46853024b24ea7590dfa90d6afc653971e31a32c
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-ee1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.391369,VS0,VE5
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1654
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3808)
Size:   1654
Md5:    3dced5421d2d005599ac20da0c49316f
Sha1:   8cfdfe1cc93dd6be5ad99c901d89e428acf7b051
Sha256: e8554340ba7e8c478bf02d5c81b08bae64cf670b8b8bb2301482b3ac0fce36e2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-48b9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376402.481554,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5515
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5515
Md5:    17db16eba9de064a60b18a592b36634a
Sha1:   82fc955209623803111e48d5be3cf345315be6f5
Sha256: 1144901adf4e1d54838e6e04a2b75314f3b95518ee654d8c1742af50e355b433

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/uploads/essential-addons-elementor/eael-3890.css?ver=1631176832 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:58:08 GMT
etag: W/"63571880-43e1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668376402.216662,VS0,VE482
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3026
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10267)
Size:   3026
Md5:    1ef8868a44fece784ed2780ecaf78d91
Sha1:   17cc90c5114099adf7e697a198376cdb8089297d
Sha256: e9d84688dee5ffb6ae0ae3ed482ba082ee7a710c26b066cd2b977fa27ab2462a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2255
Cache-Control: max-age=155731
Date: Sun, 13 Nov 2022 21:53:22 GMT
Etag: "63711bd6-117"
Expires: Tue, 15 Nov 2022 17:08:53 GMT
Last-Modified: Sun, 13 Nov 2022 16:31:18 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-5328"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.825459,VS0,VE3
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 21288
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 21288, version 1.1\012- data
Size:   21288
Md5:    b551d1a78c967fb1e854393a1114520a
Sha1:   211b36882d860210b9f01b4874aa823bcebe01fe
Sha256: 022b648ed96398d5358f30a503535bf52438c841bfcbc573c232fb5fb8d4d45f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-51ec"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.828293,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20972
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20972, version 1.1\012- data
Size:   20972
Md5:    a326c47c3038ee95e834af4137354081
Sha1:   328ed7688bb9083e97c264b52d3068a6cf320a53
Sha256: 7b39693e5b25e6747c407920eaf32ace22b70c5753dc45b33e9a2885d297cfb9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-33dc"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.829139,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13276
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Size:   13276
Md5:    f0f8230116992e521526097a28f54066
Sha1:   0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
Sha256: 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-12bdc"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.836789,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 76764
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Size:   76764
Md5:    f7307680c7fe85959f3ecf122493ea7d
Sha1:   fce0da592a3e536d6d5df5b50cb513398d8c5161
Sha256: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-5180"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.834514,VS0,VE7
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20864
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20864, version 1.1\012- data
Size:   20864
Md5:    d872d08bbb5a11b339c5c14eda86f4de
Sha1:   858a15f9f63acd7c67741fe86f897477290306f1
Sha256: d34f1dad21494ea58feed91aaef8cd744d0797f0fe60154d2c9856939f2be994

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-13174"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:22 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.828531,VS0,VE16
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 78196
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Size:   78196
Md5:    e8a427e15cc502bef99cfd722b37ea98
Sha1:   a9922842a120a7f1eaced667480c5e185a106d69
Sha256: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 21:13:13 GMT
expires: Tue, 07 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 520809
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size:   46524
Md5:    c1fd378f54921c75e4ae1821e7b8fff6
Sha1:   2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
Sha256: 405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
                                        
                                            GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 16:40:18 GMT
expires: Fri, 10 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 277984
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 21:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /video/589397769?color&autopause=0&loop=0&muted=0&title=0&portrait=0&byline=0 HTTP/1.1 
Host: player.vimeo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         162.159.138.60
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 13 Nov 2022 21:53:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-xss-protection: 1; mode=block
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin, <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Sun, 13 Nov 2022 22:03:23 GMT
x-host: player-685d5c6dfc-h7bpw
via: 1.1 varnish, 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-varnish-cache: 0
x-vserver: playproxy-rollout-prod-varnish-2
x-backend-proxy: playproxy3
x-bapp-server: player-685d5c6dfc-h7bpw
Age: 0
X-Served-By: cache-bma1671-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1668376403.830746,VS0,VE264
Vary: Accept-Encoding
X-Player-Backend: p
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=m8Jk_XwyZMk8V.qWzehM929k8gau.2xwUhL2fzlFVUs-1668376403-0-AWSraad11Ow+FRyEGrFLrHHfnd2EgM3fgm+pDM8fYmQjyOXMmrQ740xrIPD5Ef2b2c0/POCKyOwEr52qJNU5OEA=; path=/; expires=Sun, 13-Nov-22 22:23:23 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 769abd659b050afa-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20328), with no line terminators
Size:   6130
Md5:    c9f34deaec7abaa9003509d4b6ba6114
Sha1:   93d8286020edaf7693180df8a6f4dc734349d1bc
Sha256: 41bff0dd1b5ad7ba5937ed933bc861b6fc9f3c1c670ee6d01c5c69c394192cd0
                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-192x192.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Cookie: _ga_1FHZ4B327M=GS1.1.1668376401.1.0.1668376401.0.0.0; _ga=GA1.1.1683895976.1668376402
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:50 GMT
etag: W/"619c053e-25e6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:23 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.187794,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9704
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   9704
Md5:    d3c44e20247335b2179a6171915428e8
Sha1:   f972cd225c17c070f8b1d989845e3fad5b59027e
Sha256: d4fef434ff4efc0aeadeb237305f2beed46354d2eb76d3edcb30bde9cec0e314
                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-32x32.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/
Connection: keep-alive
Cookie: _ga_1FHZ4B327M=GS1.1.1668376401.1.0.1668376401.0.0.0; _ga=GA1.1.1683895976.1668376402
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:48 GMT
etag: W/"619c053c-43a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:23 GMT
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668376403.187745,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    c1c1b2b58335b19f77acca96d694e04a
Sha1:   5c8dc142b7c14d84d08327156571ac3ee6edfcb8
Sha256: 3e397180ce16774fc0a814fd3ddfadfd2875bdb0413cfdea17ae80980747687f
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 13 Nov 2022 20:41:09 GMT
expires: Sun, 13 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 4334
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /p/4.13.5/css/player.css HTTP/1.1 
Host: f.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player.vimeo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.109
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Nov 2022 21:53:23 GMT
age: 269422
x-served-by: cache-iad-kcgs7200125-IAD, cache-bma1624-BMA
x-cache: HIT, HIT
x-cache-hits: 54, 56112
x-timer: S1668376403.232066,VS0,VE0
vary: Accept-Encoding,x-http-method-override
cache-control: max-age=1209600
access-control-allow-origin: *
content-length: 20765
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65495)
Size:   20765
Md5:    a11050ea930072aae656110ff118f9e1
Sha1:   785248bd4ca0f74d57beaaa380dcc25d37ec3ea7
Sha256: 006a7da32d89a5dd2b7383c0d5c5704b3adb61ff0d94a4c951dbcfa7e1d7de8c
                                        
                                            GET /recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Nov 2022 09:37:41 GMT
expires: Mon, 13 Nov 2023 09:37:41 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 23:32:29 GMT
age: 44142
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (668)
Size:   162590
Md5:    70dc760a0efad09d703883a39f7683b2
Sha1:   2bc70f2a100ff27d27a89d563dfe279590c8336b
Sha256: 2bc59eab94309c59fba62afa40dfd841fb83760714e9ec7248ce3e10ae05fd19
                                        
                                            POST /j/collect?v=1&_v=j98&aip=1&a=1196879566&t=pageview&_s=1&dl=https%3A%2F%2Fclaimwell.com%2F&ul=en-us&de=UTF-8&dt=Claimwell%20Homepage%20-%20Claimwell%20Technologies%20Inc.&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YCDACUABBAAAACAAI~&jid=280578442&gjid=1119738035&cid=1683895976.1668376402&tid=UA-207882829-1&_gid=824422944.1668376402&_r=1&gtm=2oub90&did=dZTNiMT&gdid=dZTNiMT&z=1821345513 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://claimwell.com
date: Sun, 13 Nov 2022 21:53:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /p/4.13.5/js/player.module.js HTTP/1.1 
Host: f.vimeocdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0