Overview

URLclaimwell.com/aqq/docusign/docusign/
IP 151.101.130.159 (United States)
ASN#54113 FASTLY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-13 12:55:25 UTC
StatusLoading report..
IDS alerts0
Blocklist alert35
urlquery alerts No alerts detected
Tags None

Domain Summary (17)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-13 05:52:25 UTC 34.117.237.239
www.google.com (1) 7 No data No data 142.250.74.164
www.gstatic.com (1) 0 No data No data 142.250.74.163 Domain (gstatic.com) ranked at: 540
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-13 11:58:49 UTC 142.250.74.174
ocsp.pki.goog (10) 175 No data No data 142.250.74.3
fonts.googleapis.com (1) 8877 No data No data 142.250.74.10
ocsp.digicert.com (2) 86 No data No data 93.184.220.29
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.189.35.180
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-13 11:17:09 UTC 142.250.74.168
fonts.gstatic.com (2) 0 No data No data 216.58.207.195 Domain (gstatic.com) ranked at: 540
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-13 12:31:20 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
claimwell.com (57) 0 No data No data 151.101.130.159 Unknown ranking
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
firefox.settings.services.mozilla.com (2) 867 No data No data 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
claimwell.com (57) 0 No data No data Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-13 2 claimwell.com/aqq/docusign/docusign/ Phishing
2022-11-13 2 claimwell.com/aqq/docusign/docusign/ Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver= (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor- (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all. (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-s (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/he (...) Phishing
2022-11-13 2 claimwell.com/wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-c (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/fr (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/soli (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-sh (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/bran (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 Phishing
2022-11-13 2 claimwell.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.2 Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/essential-addons-for-elementor-lite/assets (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.j (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37 (...) Phishing
2022-11-13 2 claimwell.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7 (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ve (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/share-link/share-link (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sti (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCI (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing
2022-11-13 2 claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 151.101.130.159
Date UQ / IDS / BL URL IP
2023-02-01 11:59:19 +0000 0 - 6 - 0 www.benningtongreen.co.uk/ 151.101.130.159
2023-01-28 20:01:01 +0000 0 - 2 - 0 www.doktor.se/ 151.101.130.159
2023-01-26 21:20:46 +0000 0 - 3 - 0 toronto.iabc.to/wp-login.php 151.101.130.159
2023-01-22 05:06:45 +0000 0 - 0 - 13 franosbarbershop.com/wp-content/verif.accs.se (...) 151.101.130.159
2023-01-14 22:19:11 +0000 0 - 0 - 2 infusetheplanet.com/wp-content/themes/twentys (...) 151.101.130.159


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-02-08 10:43:54 +0000 0 - 4 - 0 dev.to/intesar/ethicalcheckdev-free-api-secur (...) 151.101.2.217
2023-02-08 07:59:53 +0000 0 - 0 - 0 bio.site/antman2023bgsub 151.101.194.132
2023-02-08 07:55:47 +0000 0 - 0 - 0 bio.site/antman3subbg 151.101.194.132
2023-02-08 07:50:36 +0000 0 - 0 - 0 bio.site/2023antmanandthewaspbgsubub 151.101.130.132
2023-02-08 07:41:47 +0000 0 - 0 - 2 dev-bancolombiaaactualizacionnueva.pantheonsi (...) 23.185.0.1


Last 5 reports on domain: claimwell.com
Date UQ / IDS / BL URL IP
2022-11-13 21:55:20 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:54:31 +0000 0 - 0 - 44 claimwell.com/ 151.101.130.159
2022-11-13 21:53:30 +0000 0 - 0 - 44 www.claimwell.com/ 151.101.130.159
2022-11-13 21:49:53 +0000 0 - 0 - 36 claimwell.com/demo/auto/ 151.101.130.159
2022-11-13 12:57:54 +0000 0 - 0 - 36 claimwell.com/aqq/docusign/docusign/ 151.101.130.159


Last 2 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-13 12:57:54 +0000 0 - 0 - 36 claimwell.com/aqq/docusign/docusign/ 151.101.130.159
2022-11-13 21:49:53 +0000 0 - 0 - 36 claimwell.com/demo/auto/ 151.101.130.159

JavaScript

Executed Scripts (37)

Executed Evals (5)
#1 JavaScript::Eval (size: 15598) - SHA256: 5e98214e0abbdd815117694f4ba8fa352052ada859b5f327e5d5f65a3166d9a4
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var T = this || self,
        n = function(D, A) {
            if ((A = (D = null, T.trustedTypes), !A) || !A.createPolicy) return D;
            try {
                D = A.createPolicy("bg", {
                    createHTML: e,
                    createScript: e,
                    createScriptURL: e
                })
            } catch (I) {
                T.console && T.console.error(I.message)
            }
            return D
        },
        e = function(D) {
            return D
        };
    (0, eval)(function(D, A) {
        return (A = n()) && 1 === D.eval(A.createScript("1")) ? function(I) {
            return A.createScript(I)
        } : function(I) {
            return "" + I
        }
    }(T)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var u=function(A,I,D,n,M,T,e,g,h){if((D.J+=(((g=(M=(e=(h=(A||D.v++,0<D.R&&D.W&&D.FY&&1>=D.O&&!D.D&&!D.T&&(!A||1<D.Y-I))&&0==document.hidden,T=4==D.v)||h?D.H():D.u,e-D.u),M)>>14,D).I&&(D.I^=g*(M<<2)),D).h=g||D.h,g),T)||h)D.u=e,D.v=0;if(!h||e-D.C<D.R-(n?255:A?5:2))return false;return(d(D,411,(n=B(D,(D.Y=I,A?415:411)),D.A)),D.G).push([DG,n,A?I+1:I]),D.T=p,true},X,j0=function(A,I){return A[I]<<24|A[(I|0)+1]<<16|A[(I|0)+2]<<8|A[(I|0)+3]},B=function(A,I){if(A=A.U[I],void 0===A)throw[w,30,I];if(A.value)return A.create();return A.create(5*I*I+-98*I+-22),A.prototype},I3=function(A,I){if((I=q.trustedTypes,A=null,!I)||!I.createPolicy)return A;try{A=I.createPolicy("bg",{createHTML:Au,createScript:Au,createScriptURL:Au})}catch(D){q.console&&q.console.error(D.message)}return A},U=function(A,I,D){D[d(A,I,D),TH]=2796},gn=function(A,I,D,n){return B((d(D,((n=B(D,411),D.s)&&n<D.A?(d(D,411,D.A),e0(D,A)):d(D,411,A),ng(D,I),411),n),D),141)},hu=function(A,I,D,n,M,T){for(M=((D=(n=A[sL]||{},c(A)),n.qK=c(A),n).g=[],A).h==A?(P(A)|0)-1:1,I=c(A),T=0;T<M;T++)n.g.push(c(A));for(n.P=B(A,D);M--;)n.g[M]=B(A,n.g[M]);return n.UH=B(A,I),n},MO=function(A,I){(I.push(A[0]<<24|A[1]<<16|A[2]<<8|A[3]),I).push(A[4]<<24|A[5]<<16|A[6]<<8|A[7]),I.push(A[8]<<24|A[9]<<16|A[10]<<8|A[11])},Bh=function(A,I,D,n){function M(){}return n=a3(A,(D=void 0,function(T){M&&(I&&p(I),D=T,M(),M=void 0)}),!!I)[0],{invoke:function(T,e,g,h){function a(){D(function(Y){p(function(){T(Y)})},g)}if(!e)return e=n(g),T&&T(e),e;D?a():(h=M,M=function(){p((h(),a))})}}},Y0=function(A,I,D){if(3==A.length){for(D=0;3>D;D++)I[D]+=A[D];for(D=(A=[13,8,13,12,16,5,3,10,15],0);9>D;D++)I[3](I,D%3,A[D])}},e0=function(A,I){d(((A.fe.push(A.U.slice()),A).U[411]=void 0,A),411,I)},pg=function(A,I){return x[A](x.prototype,{floor:I,call:I,pop:I,propertyIsEnumerable:I,console:I,parent:I,length:I,document:I,prototype:I,replace:I,splice:I,stack:I})},E=function(A,I,D){D=this;try{ul(A,I,this)}catch(n){k(this,n),I(function(M){M(D.F)})}},q=this||self,o3=function(A,I){return(I=I.create().shift(),A.D).create().length||A.j.create().length||(A.D=void 0,A.j=void 0),I},a3=function(A,I,D,n){return(n=l[A.substring(0,3)+"_"])?n(A.substring(3),I,D):y1(A,I)},GH=function(A,I,D){if((D=typeof A,"object")==D)if(A){if(A instanceof Array)return"array";if(A instanceof Object)return D;if(I=Object.prototype.toString.call(A),"[object Window]"==I)return"object";if("[object Array]"==I||"number"==typeof A.length&&"undefined"!=typeof A.splice&&"undefined"!=typeof A.propertyIsEnumerable&&!A.propertyIsEnumerable("splice"))return"array";if("[object Function]"==I||"undefined"!=typeof A.call&&"undefined"!=typeof A.propertyIsEnumerable&&!A.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==D&&"undefined"==typeof A.call)return"object";return D},mt=function(A,I){return I=P(A),I&128&&(I=I&127|P(A)<<7),I},Wh=function(A,I,D,n,M,T){function e(){if(D.h==D){if(D.U){var g=[r,n,A,void 0,M,T,arguments];if(2==I)var h=C(D,false,(F(D,g),false));else if(1==I){var a=!D.G.length;F(D,g),a&&C(D,false,false)}else h=Xy(g,D);return h}M&&T&&M.removeEventListener(T,e,O)}}return e},c=function(A,I){if(A.D)return o3(A,A.j);return(I=z(A,8,true),I)&128&&(I^=128,A=z(A,2,true),I=(I<<2)+(A|0)),I},Xy=function(A,I,D,n,M){if((D=A[0],D)==J)I.X=25,I.i(A);else if(D==v){M=A[1];try{n=I.F||I.i(A)}catch(T){k(I,T),n=I.F}M(n)}else if(D==DG)I.i(A);else if(D==K)I.i(A);else if(D==Q1){try{for(n=0;n<I.N.length;n++)try{M=I.N[n],M[0][M[1]](M[2])}catch(T){}}catch(T){}(0,A[1])(function(T,e){I.o(T,true,e)},(I.N=[],function(T){F(I,(T=!I.G.length,[wn])),T&&C(I,false,true)}))}else{if(D==r)return n=A[2],d(I,103,A[6]),d(I,141,n),I.i(A);D==wn?(I.U=null,I.K=[],I.s=[]):D==TH&&"loading"===q.document.readyState&&(I.T=function(T,e){function g(){e||(e=true,T())}q.document.addEventListener("DOMContentLoaded",g,(e=false,O)),q.addEventListener("load",g,O)})}},P=function(A){return A.D?o3(A,A.j):z(A,8,true)},ng=function(A,I,D,n,M,T){if(!A.F){A.O++;try{for(T=void 0,D=0,M=A.A;--I;)try{if(n=void 0,A.D)T=o3(A,A.D);else{if(D=B(A,411),D>=M)break;T=B(A,(n=c((d(A,415,D),A)),n))}u(false,(T&&T[wn]&2048?T(A,I):V(A,[w,21,n],0),I),A,false)}catch(e){B(A,27)?V(A,e,22):d(A,27,e)}if(!I){if(A.Da){ng(A,(A.O--,342722082906));return}V(A,[w,33],0)}}catch(e){try{V(A,e,22)}catch(g){k(A,g)}}A.O--}},k=function(A,I){A.F=((A.F?A.F+"~":"E:")+I.message+":"+I.stack).slice(0,2048)},il=function(A,I,D,n,M){for(M=I=(A=A.replace(/\\r\\n/g,"\\n"),0),n=[];I<A.length;I++)D=A.charCodeAt(I),128>D?n[M++]=D:(2048>D?n[M++]=D>>6|192:(55296==(D&64512)&&I+1<A.length&&56320==(A.charCodeAt(I+1)&64512)?(D=65536+((D&1023)<<10)+(A.charCodeAt(++I)&1023),n[M++]=D>>18|240,n[M++]=D>>12&63|128):n[M++]=D>>12|224,n[M++]=D>>6&63|128),n[M++]=D&63|128);return n},Au=function(A){return A},qO=function(A,I,D){return(D=x[A.V](A.AG),D)[A.V]=function(){return I},D.concat=function(n){I=n},D},UL=function(A,I,D,n){for(n=(D=c(I),0);0<A;A--)n=n<<8|P(I);d(I,D,n)},ZG=function(A,I,D,n){S(L(A,(n=(D=c(I),c(I)),B(I,D))),I,n)},Hh=function(A,I,D){return I.o(function(n){D=n},false,A),D},L=function(A,I,D,n){for(D=(n=(A|0)-1,[]);0<=n;n--)D[(A|0)-1-(n|0)]=I>>8*n&255;return D},$0=function(A,I,D,n,M){for(n=0,M=A[2]|0,A=A[3]|0;14>n;n++)D=D>>>8|D<<24,D+=I|0,D^=M+2229,A=A>>>8|A<<24,I=I<<3|I>>>29,I^=D,A+=M|0,A^=n+2229,M=M<<3|M>>>29,M^=A;return[I>>>24&255,I>>>16&255,I>>>8&255,I>>>0&255,D>>>24&255,D>>>16&255,D>>>8&255,D>>>0&255]},S=function(A,I,D,n,M,T){if(I.h==I)for(T=B(I,D),114==D?(D=function(e,g,h,a){if(T.ne!=(h=(a=T.length,(a|0)-4>>3),h)){g=(h=(T.ne=h,h<<3)-4,[0,0,M[1],M[2]]);try{T.VZ=$0(g,j0(T,h),j0(T,(h|0)+4))}catch(Y){throw Y;}}T.push(T.VZ[a&7]^e)},M=B(I,352)):D=function(e){T.push(e)},n&&D(n&255),I=0,n=A.length;I<n;I++)D(A[I])},f=function(A,I){for(I=[];A--;)I.push(255*Math.random()|0);return I},C=function(A,I,D,n,M,T){if(A.G.length){A.W=!(A.FY=(A.W&&0(),D),0);try{n=A.H(),A.u=n,A.C=n,A.v=0,T=ch(A,D),M=A.H()-A.C,A.Z+=M,M<(I?0:10)||0>=A.X--||(M=Math.floor(M),A.K.push(254>=M?M:254))}finally{A.W=false}return T}},x0=function(A,I,D,n,M,T,e,g){return((T=x[(n=[10,(e=(M=Ph,A&7),-98),54,77,21,-31,n,51,-77,74],I).V](I.hG),T)[I.V]=function(h){e+=(g=h,6+7*A),e&=7},T).concat=function(h){return(h=(g=(h=+e- -5390*(h=D%16+1,D)*g+55*g*g-275*D*D*g- -1210*g+(M()|0)*h+n[e+19&7]*D*h-h*g+5*D*D*h,void 0),n[h]),n)[(e+45&7)+(A&2)]=h,n[e+(A&2)]=-98,h},T},z=function(A,I,D,n,M,T,e,g,h,a,Y,y,Q,m){if((h=B(A,411),h)>=A.A)throw[w,31];for(Q=(m=h,Y=(y=0,I),A.S5.length);0<Y;)n=m%8,e=m>>3,T=8-(n|0),T=T<Y?T:Y,M=A.s[e],D&&(g=A,g.S!=m>>6&&(g.S=m>>6,a=B(g,394),g.L=$0([0,0,a[1],a[2]],g.I,g.S)),M^=A.L[e&Q]),y|=(M>>8-(n|0)-(T|0)&(1<<T)-1)<<(Y|0)-(T|0),Y-=T,m+=T;return d(A,411,(h|(D=y,0))+(I|0)),D},ch=function(A,I,D,n){for(;A.G.length;){D=(A.T=null,A.G.pop());try{n=Xy(D,A)}catch(M){k(A,M)}if(I&&A.T){(I=A.T,I)(function(){C(A,true,true)});break}}return n},p=q.requestIdleCallback?function(A){requestIdleCallback(function(){A()},{timeout:4})}:q.setImmediate?function(A){setImmediate(A)}:function(A){setTimeout(A,0)},l,y1=function(A,I){return[(I(function(D){D(A)}),function(){return A})]},d=function(A,I,D){if(411==I||415==I)A.U[I]?A.U[I].concat(D):A.U[I]=qO(A,D);else{if(A.B&&394!=I)return;161==I||114==I||437==I||261==I||352==I?A.U[I]||(A.U[I]=x0(118,A,I,D)):A.U[I]=x0(121,A,I,D)}394==I&&(A.I=z(A,32,false),A.S=void 0)},F=function(A,I){A.G.splice(0,0,I)},ul=function(A,I,D,n,M){for(n=(M=((D.hG=pg((D.by=k0,D.kb=(D.S5=D[v],bl),D.V),{get:function(){return this.concat()}}),D).AG=x[D.V](D.hG,{value:{value:{}}}),[]),0);289>n;n++)M[n]=String.fromCharCode(n);C(D,(F(D,(F((F(D,(U(D,(d(D,239,(U(D,331,(U(D,(U(D,144,(U(D,(U(D,17,(U(D,(U(D,325,(d(D,161,[160,(d(D,(U(D,(D.sH=(U(D,(U(D,223,(d(D,424,(d(D,143,(U(D,(d(D,434,(d(D,352,(U(D,(U(D,194,(U(D,370,(d(D,437,(U(D,95,((U(D,154,(U((U(D,21,(U(D,(U(D,175,(U(D,129,(U(D,280,(d((d(D,100,(D.iy=(d(D,141,(U((U(D,(D.j5=(d(D,(d(D,(D.T=(D.FY=false,(D.O=0,D.G=[],D.D=(D.zX=function(T){this.h=T},D.B=false,D.C=0,void 0),(D.fe=[],D).j=(D.R=((D.F=void 0,D).J=1,0),n=(D.W=false,D.X=25,window.performance||{}),D.N=[],(D.h=D,D).L=void 0,(D.QZ=0,D.Z=0,D.s=[],D).S=((D.Y=8001,D).v=void 0,void 0),D.U=[],void 0),D.A=(D.u=(D.K=[],0),0),D).I=void 0,D.Hn=n.timeOrigin||(n.timing||{}).navigationStart||0,null),411),0),415),0),0),U(D,483,function(){}),360),function(T,e,g,h){h=(e=B(T,(g=(h=(e=c(T),c(T)),c(T)),e)),B(T,h)),d(T,g,e in h|0)}),D),202,function(T,e,g,h){d(T,(g=B(T,(h=B(T,(e=(h=c((g=c(T),T)),c(T)),h)),g))==h,e),+g)}),{})),0),0)),D),27,438),function(T,e,g,h,a){for(h=c(T),g=mt(T),a=[],e=0;e<g;e++)a.push(P(T));d(T,h,a)})),function(T,e,g,h,a,Y){u(true,e,T,false)||(g=hu(T.h),e=g.qK,h=g.UH,Y=g.g,a=Y.length,g=g.P,h=0==a?new h[g]:1==a?new h[g](Y[0]):2==a?new h[g](Y[0],Y[1]):3==a?new h[g](Y[0],Y[1],Y[2]):4==a?new h[g](Y[0],Y[1],Y[2],Y[3]):2(),d(T,e,h))})),function(T,e,g,h){if(e=T.fe.pop()){for(g=P(T);0<g;g--)h=c(T),e[h]=T.U[h];T.U=(e[424]=(e[261]=T.U[261],T.U)[424],e)}else d(T,411,T.A)})),127),function(T,e,g,h){!u(true,e,T,false)&&(e=hu(T),g=e.P,h=e.UH,T.h==T||g==T.zX&&h==T)&&(d(T,e.qK,g.apply(h,e.g)),T.u=T.H())}),function(T,e,g,h,a,Y,y){for(Y=(h=(g=mt((e=c(T),T)),a="",y=B(T,322),y.length),0);g--;)Y=((Y|0)+(mt(T)|0))%h,a+=M[y[Y]];d(T,e,a)})),D),336,function(T){ll(4,T)}),function(T,e){e0((e=B(T,c(T)),T.h),e)})),U(D,69,function(T){ll(3,T)}),U)(D,6,function(T,e,g){d(T,(g=GH((g=B(T,(g=c(T),e=c(T),g)),g)),e),g)}),function(T,e,g,h,a){d(T,(e=B(T,(h=B((a=B(T,(a=(e=c((h=c((g=c(T),T)),T)),c(T)),a)),T),h),e)),g),Wh(e,a,T,h))})),[])),function(T){ZG(1,T)})),function(T,e,g,h){(h=c((e=(g=c(T),P(T)),T)),d)(T,h,B(T,g)>>>e)})),201),function(T,e,g,h){d(T,(g=B(T,(e=B(T,(e=c(T),h=c(T),e)),h)),h),g+e)}),[0,0,0])),0)),151),function(T,e,g,h){(h=(e=c(T),c)(T),g=c(T),T).h==T&&(g=B(T,g),h=B(T,h),B(T,e)[h]=g,394==e&&(T.S=void 0,2==h&&(T.I=z(T,32,false),T.S=void 0)))}),q)),2048)),function(T,e,g,h){d(T,(e=(h=c((g=c(T),T)),c(T)),e),B(T,g)||B(T,h))})),215),function(T,e,g){u(true,e,T,false)||(e=c(T),g=c(T),d(T,g,function(h){return eval(h)}(EL(B(T.h,e)))))}),0),86),function(T,e,g,h){g=B(T,(e=c((g=c(T),T)),h=c(T),g)),e=B(T,e),d(T,h,g[e])}),261),[]),0),0]),function(T,e){T=B((e=c(T),T).h,e),T[0].removeEventListener(T[1],T[2],O)})),145),function(T){UL(4,T)}),function(T,e,g,h,a,Y){if(!u(true,e,T,true)){if("object"==GH((T=(g=B((Y=(e=(e=(Y=c(T),g=c(T),c(T)),a=c(T),B(T,e)),B(T,Y)),T),g),B(T,a)),Y))){for(h in a=[],Y)a.push(h);Y=a}for(a=(e=0<e?e:1,h=0,Y).length;h<a;h+=e)g(Y.slice(h,(h|0)+(e|0)),T)}})),171),function(T,e,g,h,a,Y,y,Q,m,Z,W,G){function N(H,b){for(;y<H;)m|=P(T)<<y,y+=8;return b=m&(y-=H,(1<<H)-1),m>>=H,b}for(G=(W=(Z=(h=(y=(g=c(T),m=0),(N(3)|0)+1),N)(5),0),Q=[],0);G<Z;G++)Y=N(1),Q.push(Y),W+=Y?0:1;for(G=(e=(W=((W|0)-1).toString(2).length,[]),0);G<Z;G++)Q[G]||(e[G]=N(W));for(W=0;W<Z;W++)Q[W]&&(e[W]=c(T));for(a=[];h--;)a.push(B(T,c(T)));U(T,g,function(H,b,t,R,dn){for(b=(dn=(t=[],[]),0);b<Z;b++){if(!Q[R=e[b],b]){for(;R>=t.length;)t.push(c(H));R=t[R]}dn.push(R)}H.j=qO(H,(H.D=qO(H,a.slice()),dn))})}),function(T,e,g,h,a){(h=(e=B(T,(a=(h=c((g=c(T),T)),e=c(T),c)(T),g=B(T.h,g),a=B(T,a),e)),B(T,h)),0!==g)&&(e=Wh(a,1,T,e,g,h),g.addEventListener(h,e,O),d(T,434,[g,h,e]))})),102),function(T,e,g){(g=B(T,(g=c((e=c(T),T)),g)),0!=B(T,e))&&d(T,411,g)}),d(D,114,f(4)),function(T,e,g){d(T,(e=c((g=c(T),T)),e),""+B(T,g))})),D)),15),function(T){ZG(4,T)}),[TH])),D),[K,A]),[Q1,I])),true),true)},V=function(A,I,D,n,M,T){if(!A.B){if(3<(I=B(A,(D=(M=B((n=void 0,I&&I[0]===w&&(D=I[1],n=I[2],I=void 0),A),261),0==M.length&&(T=B(A,415)>>3,M.push(D,T>>8&255,T&255),void 0!=n&&M.push(n&255)),""),I&&(I.message&&(D+=I.message),I.stack&&(D+=":"+I.stack)),424)),I)){A.h=(n=(D=il((I-=(D=D.slice(0,(I|0)-3),(D.length|0)+3),D)),A).h,A);try{S(L(2,D.length).concat(D),A,114,9)}finally{A.h=n}}d(A,424,I)}},ll=function(A,I,D,n,M){(n=(D=c((M=A&3,A&=4,I)),c(I)),D=B(I,D),A)&&(D=il(""+D)),M&&S(L(2,D.length),I,n),S(D,I,n)},NO=function(A,I,D,n){try{n=A[((I|0)+2)%3],A[I]=(A[I]|0)-(A[((I|0)+1)%3]|0)-(n|0)^(1==I?n<<D:n>>>D)}catch(M){throw M;}},O={passive:true,capture:true},sL=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),K=[],r=[],DG=((E.prototype.uy=void 0,E.prototype).l="toString",[]),J=[],v=[],TH=[],w=(E.prototype.Ce=void 0,{}),Q1=(E.prototype.Da=false,[]),wn=[],Ph=(((((MO,function(){})(f),function(){})(NO),function(){})(Y0),E).prototype.V="create",void 0),x=w.constructor,bl=(((((((X=E.prototype,X.Iz=function(){return Math.floor(this.Z+(this.H()-this.C))},X.yZ=function(A,I,D,n,M,T){for(T=[],D=n=0;n<A.length;n++)for(M=M<<I|A[n],D+=I;7<D;)D-=8,T.push(M>>D&255);return T},X).H=(window.performance||{}).now?function(){return this.Hn+window.performance.now()}:function(){return+new Date},X).gd=function(A,I,D,n,M){for(M=n=0;n<A.length;n++)M+=A.charCodeAt(n),M+=M<<10,M^=M>>6;return n=(A=(M+=M<<3,M^=M>>11,M)+(M<<15)>>>0,new Number(A&(1<<I)-1)),n[0]=(A>>>I)%D,n},X).o=function(A,I,D,n,M){if(D="array"===GH(D)?D:[D],this.F)A(this.F);else try{M=!this.G.length,n=[],F(this,[J,n,D]),F(this,[v,A,n]),I&&!M||C(this,true,I)}catch(T){k(this,T),A(this.F)}},X.TX=function(){return Math.floor(this.H())},X.MK=function(A,I,D){return((I^=I<<13,I^=I>>17,I=(I^I<<5)&D)||(I=1),A)^I},E).prototype.i=function(A,I){return Ph=(A=(I={},{}),function(){return I==A?-22:-12}),function(D,n,M,T,e,g,h,a,Y,y,Q,m,Z,W,G){I=(T=I,A);try{if(a=D[0],a==K){g=D[1];try{for(G=Q=(e=(m=[],atob)(g),0);G<e.length;G++)W=e.charCodeAt(G),255<W&&(m[Q++]=W&255,W>>=8),m[Q++]=W;(this.A=(this.s=m,this).s.length<<3,d)(this,394,[0,0,0])}catch(N){V(this,N,17);return}ng(this,8001)}else if(a==J)D[1].push(B(this,161).length,B(this,437).length,B(this,114).length,B(this,424)),d(this,141,D[2]),this.U[307]&&gn(B(this,307),8001,this);else{if(a==v){M=L(2,((m=D[2],B(this,161).length)|0)+2),y=this.h,this.h=this;try{h=B(this,261),0<h.length&&S(L(2,h.length).concat(h),this,161,10),S(L(1,this.J),this,161,109),S(L(1,this[v].length),this,161),e=0,n=B(this,114),e-=(B(this,161).length|0)+5,e+=B(this,100)&2047,4<n.length&&(e-=(n.length|0)+3),0<e&&S(L(2,e).concat(f(e)),this,161,15),4<n.length&&S(L(2,n.length).concat(n),this,161,156)}finally{this.h=y}if(((G=f(2).concat(B(this,161)),G)[1]=G[0]^6,G)[3]=G[1]^M[0],G[4]=G[1]^M[1],Z=this.GX(G))Z="!"+Z;else for(e=0,Z="";e<G.length;e++)Y=G[e][this.l](16),1==Y.length&&(Y="0"+Y),Z+=Y;return d(this,424,(B(this,(B(((Q=Z,B)(this,161).length=m.shift(),this),437).length=m.shift(),114)).length=m.shift(),m.shift())),Q}if(a==DG)gn(D[1],D[2],this);else if(a==r)return gn(D[1],8001,this)}}finally{I=T}}}(),E.prototype).OH=0,E.prototype.EH=0,E.prototype).GX=function(A,I,D,n){if(D=window.btoa){for(I="",n=0;n<A.length;n+=8192)I+=String.fromCharCode.apply(null,A.slice(n,n+8192));A=D(I).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else A=void 0;return A},/./),k0,rn=K.pop.bind((E.prototype[Q1]=[0,0,1,1,0,1,1],E.prototype[J])),EL=((k0=pg(E.prototype.V,(bl[E.prototype.l]=rn,{get:rn})),E.prototype).e5=void 0,function(A,I){return(I=I3())&&1===A.eval(I.createScript("1"))?function(D){return I.createScript(D)}:function(D){return""+D}})(q);40<(l=q.botguard||(q.botguard={}),l.m)||(l.m=41,l.bg=Bh,l.a=a3),l.yDq_=function(A,I,D){return[(D=new E(A,I),function(n){return Hh(n,D)})]};}).call(this);'));
}).call(this);
#2 JavaScript::Eval (size: 60) - SHA256: dcbc8087c9f3488411409f0a3c9069e6a40b27851598c7a72361e97785aa874d
0,
function(T, e, g) {
    d(T, (g = c(T), e = c(T), g = T.U[g] && B(T, g), e), g)
}
#3 JavaScript::Eval (size: 17553) - SHA256: b07d2b65360ee35f58da52d48094d6f71a5dd4a946773fd72a5270fcce42014c
(function() {
    var u = function(A, I, D, n, M, T, e, g, h) {
            if ((D.J += (((g = (M = (e = (h = (A || D.v++, 0 < D.R && D.W && D.FY && 1 >= D.O && !D.D && !D.T && (!A || 1 < D.Y - I)) && 0 == document.hidden, T = 4 == D.v) || h ? D.H() : D.u, e - D.u), M) >> 14, D).I && (D.I ^= g * (M << 2)), D).h = g || D.h, g), T) || h) D.u = e, D.v = 0;
            if (!h || e - D.C < D.R - (n ? 255 : A ? 5 : 2)) return false;
            return (d(D, 411, (n = B(D, (D.Y = I, A ? 415 : 411)), D.A)), D.G).push([DG, n, A ? I + 1 : I]), D.T = p, true
        },
        X, j0 = function(A, I) {
            return A[I] << 24 | A[(I | 0) + 1] << 16 | A[(I | 0) + 2] << 8 | A[(I | 0) + 3]
        },
        B = function(A, I) {
            if (A = A.U[I], void 0 === A) throw [w, 30, I];
            if (A.value) return A.create();
            return A.create(5 * I * I + -98 * I + -22), A.prototype
        },
        I3 = function(A, I) {
            if ((I = q.trustedTypes, A = null, !I) || !I.createPolicy) return A;
            try {
                A = I.createPolicy("bg", {
                    createHTML: Au,
                    createScript: Au,
                    createScriptURL: Au
                })
            } catch (D) {
                q.console && q.console.error(D.message)
            }
            return A
        },
        U = function(A, I, D) {
            D[d(A, I, D), TH] = 2796
        },
        gn = function(A, I, D, n) {
            return B((d(D, ((n = B(D, 411), D.s) && n < D.A ? (d(D, 411, D.A), e0(D, A)) : d(D, 411, A), ng(D, I), 411), n), D), 141)
        },
        hu = function(A, I, D, n, M, T) {
            for (M = ((D = (n = A[sL] || {}, c(A)), n.qK = c(A), n).g = [], A).h == A ? (P(A) | 0) - 1 : 1, I = c(A), T = 0; T < M; T++) n.g.push(c(A));
            for (n.P = B(A, D); M--;) n.g[M] = B(A, n.g[M]);
            return n.UH = B(A, I), n
        },
        MO = function(A, I) {
            (I.push(A[0] << 24 | A[1] << 16 | A[2] << 8 | A[3]), I).push(A[4] << 24 | A[5] << 16 | A[6] << 8 | A[7]), I.push(A[8] << 24 | A[9] << 16 | A[10] << 8 | A[11])
        },
        Bh = function(A, I, D, n) {
            function M() {}
            return n = a3(A, (D = void 0, function(T) {
                M && (I && p(I), D = T, M(), M = void 0)
            }), !!I)[0], {
                invoke: function(T, e, g, h) {
                    function a() {
                        D(function(Y) {
                            p(function() {
                                T(Y)
                            })
                        }, g)
                    }
                    if (!e) return e = n(g), T && T(e), e;
                    D ? a() : (h = M, M = function() {
                        p((h(), a))
                    })
                }
            }
        },
        Y0 = function(A, I, D) {
            if (3 == A.length) {
                for (D = 0; 3 > D; D++) I[D] += A[D];
                for (D = (A = [13, 8, 13, 12, 16, 5, 3, 10, 15], 0); 9 > D; D++) I[3](I, D % 3, A[D])
            }
        },
        e0 = function(A, I) {
            d(((A.fe.push(A.U.slice()), A).U[411] = void 0, A), 411, I)
        },
        pg = function(A, I) {
            return x[A](x.prototype, {
                floor: I,
                call: I,
                pop: I,
                propertyIsEnumerable: I,
                console: I,
                parent: I,
                length: I,
                document: I,
                prototype: I,
                replace: I,
                splice: I,
                stack: I
            })
        },
        E = function(A, I, D) {
            D = this;
            try {
                ul(A, I, this)
            } catch (n) {
                k(this, n), I(function(M) {
                    M(D.F)
                })
            }
        },
        q = this || self,
        o3 = function(A, I) {
            return (I = I.create().shift(), A.D).create().length || A.j.create().length || (A.D = void 0, A.j = void 0), I
        },
        a3 = function(A, I, D, n) {
            return (n = l[A.substring(0, 3) + "_"]) ? n(A.substring(3), I, D) : y1(A, I)
        },
        GH = function(A, I, D) {
            if ((D = typeof A, "object") == D)
                if (A) {
                    if (A instanceof Array) return "array";
                    if (A instanceof Object) return D;
                    if (I = Object.prototype.toString.call(A), "[object Window]" == I) return "object";
                    if ("[object Array]" == I || "number" == typeof A.length && "undefined" != typeof A.splice && "undefined" != typeof A.propertyIsEnumerable && !A.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == I || "undefined" != typeof A.call && "undefined" != typeof A.propertyIsEnumerable && !A.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == D && "undefined" == typeof A.call) return "object";
            return D
        },
        mt = function(A, I) {
            return I = P(A), I & 128 && (I = I & 127 | P(A) << 7), I
        },
        Wh = function(A, I, D, n, M, T) {
            function e() {
                if (D.h == D) {
                    if (D.U) {
                        var g = [r, n, A, void 0, M, T, arguments];
                        if (2 == I) var h = C(D, false, (F(D, g), false));
                        else if (1 == I) {
                            var a = !D.G.length;
                            F(D, g), a && C(D, false, false)
                        } else h = Xy(g, D);
                        return h
                    }
                    M && T && M.removeEventListener(T, e, O)
                }
            }
            return e
        },
        c = function(A, I) {
            if (A.D) return o3(A, A.j);
            return (I = z(A, 8, true), I) & 128 && (I ^= 128, A = z(A, 2, true), I = (I << 2) + (A | 0)), I
        },
        Xy = function(A, I, D, n, M) {
            if ((D = A[0], D) == J) I.X = 25, I.i(A);
            else if (D == v) {
                M = A[1];
                try {
                    n = I.F || I.i(A)
                } catch (T) {
                    k(I, T), n = I.F
                }
                M(n)
            } else if (D == DG) I.i(A);
            else if (D == K) I.i(A);
            else if (D == Q1) {
                try {
                    for (n = 0; n < I.N.length; n++) try {
                        M = I.N[n], M[0][M[1]](M[2])
                    } catch (T) {}
                } catch (T) {}(0, A[1])(function(T, e) {
                    I.o(T, true, e)
                }, (I.N = [], function(T) {
                    F(I, (T = !I.G.length, [wn])), T && C(I, false, true)
                }))
            } else {
                if (D == r) return n = A[2], d(I, 103, A[6]), d(I, 141, n), I.i(A);
                D == wn ? (I.U = null, I.K = [], I.s = []) : D == TH && "loading" === q.document.readyState && (I.T = function(T, e) {
                    function g() {
                        e || (e = true, T())
                    }
                    q.document.addEventListener("DOMContentLoaded", g, (e = false, O)), q.addEventListener("load", g, O)
                })
            }
        },
        P = function(A) {
            return A.D ? o3(A, A.j) : z(A, 8, true)
        },
        ng = function(A, I, D, n, M, T) {
            if (!A.F) {
                A.O++;
                try {
                    for (T = void 0, D = 0, M = A.A; --I;) try {
                        if (n = void 0, A.D) T = o3(A, A.D);
                        else {
                            if (D = B(A, 411), D >= M) break;
                            T = B(A, (n = c((d(A, 415, D), A)), n))
                        }
                        u(false, (T && T[wn] & 2048 ? T(A, I) : V(A, [w, 21, n], 0), I), A, false)
                    } catch (e) {
                        B(A, 27) ? V(A, e, 22) : d(A, 27, e)
                    }
                    if (!I) {
                        if (A.Da) {
                            ng(A, (A.O--, 342722082906));
                            return
                        }
                        V(A, [w, 33], 0)
                    }
                } catch (e) {
                    try {
                        V(A, e, 22)
                    } catch (g) {
                        k(A, g)
                    }
                }
                A.O--
            }
        },
        k = function(A, I) {
            A.F = ((A.F ? A.F + "~" : "E:") + I.message + ":" + I.stack).slice(0, 2048)
        },
        il = function(A, I, D, n, M) {
            for (M = I = (A = A.replace(/\r\n/g, "\n"), 0), n = []; I < A.length; I++) D = A.charCodeAt(I), 128 > D ? n[M++] = D : (2048 > D ? n[M++] = D >> 6 | 192 : (55296 == (D & 64512) && I + 1 < A.length && 56320 == (A.charCodeAt(I + 1) & 64512) ? (D = 65536 + ((D & 1023) << 10) + (A.charCodeAt(++I) & 1023), n[M++] = D >> 18 | 240, n[M++] = D >> 12 & 63 | 128) : n[M++] = D >> 12 | 224, n[M++] = D >> 6 & 63 | 128), n[M++] = D & 63 | 128);
            return n
        },
        Au = function(A) {
            return A
        },
        qO = function(A, I, D) {
            return (D = x[A.V](A.AG), D)[A.V] = function() {
                return I
            }, D.concat = function(n) {
                I = n
            }, D
        },
        UL = function(A, I, D, n) {
            for (n = (D = c(I), 0); 0 < A; A--) n = n << 8 | P(I);
            d(I, D, n)
        },
        ZG = function(A, I, D, n) {
            S(L(A, (n = (D = c(I), c(I)), B(I, D))), I, n)
        },
        Hh = function(A, I, D) {
            return I.o(function(n) {
                D = n
            }, false, A), D
        },
        L = function(A, I, D, n) {
            for (D = (n = (A | 0) - 1, []); 0 <= n; n--) D[(A | 0) - 1 - (n | 0)] = I >> 8 * n & 255;
            return D
        },
        $0 = function(A, I, D, n, M) {
            for (n = 0, M = A[2] | 0, A = A[3] | 0; 14 > n; n++) D = D >>> 8 | D << 24, D += I | 0, D ^= M + 2229, A = A >>> 8 | A << 24, I = I << 3 | I >>> 29, I ^= D, A += M | 0, A ^= n + 2229, M = M << 3 | M >>> 29, M ^= A;
            return [I >>> 24 & 255, I >>> 16 & 255, I >>> 8 & 255, I >>> 0 & 255, D >>> 24 & 255, D >>> 16 & 255, D >>> 8 & 255, D >>> 0 & 255]
        },
        S = function(A, I, D, n, M, T) {
            if (I.h == I)
                for (T = B(I, D), 114 == D ? (D = function(e, g, h, a) {
                        if (T.ne != (h = (a = T.length, (a | 0) - 4 >> 3), h)) {
                            g = (h = (T.ne = h, h << 3) - 4, [0, 0, M[1], M[2]]);
                            try {
                                T.VZ = $0(g, j0(T, h), j0(T, (h | 0) + 4))
                            } catch (Y) {
                                throw Y;
                            }
                        }
                        T.push(T.VZ[a & 7] ^ e)
                    }, M = B(I, 352)) : D = function(e) {
                        T.push(e)
                    }, n && D(n & 255), I = 0, n = A.length; I < n; I++) D(A[I])
        },
        f = function(A, I) {
            for (I = []; A--;) I.push(255 * Math.random() | 0);
            return I
        },
        C = function(A, I, D, n, M, T) {
            if (A.G.length) {
                A.W = !(A.FY = (A.W && 0(), D), 0);
                try {
                    n = A.H(), A.u = n, A.C = n, A.v = 0, T = ch(A, D), M = A.H() - A.C, A.Z += M, M < (I ? 0 : 10) || 0 >= A.X-- || (M = Math.floor(M), A.K.push(254 >= M ? M : 254))
                } finally {
                    A.W = false
                }
                return T
            }
        },
        x0 = function(A, I, D, n, M, T, e, g) {
            return ((T = x[(n = [10, (e = (M = Ph, A & 7), -98), 54, 77, 21, -31, n, 51, -77, 74], I).V](I.hG), T)[I.V] = function(h) {
                e += (g = h, 6 + 7 * A), e &= 7
            }, T).concat = function(h) {
                return (h = (g = (h = +e - -5390 * (h = D % 16 + 1, D) * g + 55 * g * g - 275 * D * D * g - -1210 * g + (M() | 0) * h + n[e + 19 & 7] * D * h - h * g + 5 * D * D * h, void 0), n[h]), n)[(e + 45 & 7) + (A & 2)] = h, n[e + (A & 2)] = -98, h
            }, T
        },
        z = function(A, I, D, n, M, T, e, g, h, a, Y, y, Q, m) {
            if ((h = B(A, 411), h) >= A.A) throw [w, 31];
            for (Q = (m = h, Y = (y = 0, I), A.S5.length); 0 < Y;) n = m % 8, e = m >> 3, T = 8 - (n | 0), T = T < Y ? T : Y, M = A.s[e], D && (g = A, g.S != m >> 6 && (g.S = m >> 6, a = B(g, 394), g.L = $0([0, 0, a[1], a[2]], g.I, g.S)), M ^= A.L[e & Q]), y |= (M >> 8 - (n | 0) - (T | 0) & (1 << T) - 1) << (Y | 0) - (T | 0), Y -= T, m += T;
            return d(A, 411, (h | (D = y, 0)) + (I | 0)), D
        },
        ch = function(A, I, D, n) {
            for (; A.G.length;) {
                D = (A.T = null, A.G.pop());
                try {
                    n = Xy(D, A)
                } catch (M) {
                    k(A, M)
                }
                if (I && A.T) {
                    (I = A.T, I)(function() {
                        C(A, true, true)
                    });
                    break
                }
            }
            return n
        },
        p = q.requestIdleCallback ? function(A) {
            requestIdleCallback(function() {
                A()
            }, {
                timeout: 4
            })
        } : q.setImmediate ? function(A) {
            setImmediate(A)
        } : function(A) {
            setTimeout(A, 0)
        },
        l, y1 = function(A, I) {
            return [(I(function(D) {
                D(A)
            }), function() {
                return A
            })]
        },
        d = function(A, I, D) {
            if (411 == I || 415 == I) A.U[I] ? A.U[I].concat(D) : A.U[I] = qO(A, D);
            else {
                if (A.B && 394 != I) return;
                161 == I || 114 == I || 437 == I || 261 == I || 352 == I ? A.U[I] || (A.U[I] = x0(118, A, I, D)) : A.U[I] = x0(121, A, I, D)
            }
            394 == I && (A.I = z(A, 32, false), A.S = void 0)
        },
        F = function(A, I) {
            A.G.splice(0, 0, I)
        },
        ul = function(A, I, D, n, M) {
            for (n = (M = ((D.hG = pg((D.by = k0, D.kb = (D.S5 = D[v], bl), D.V), {get: function() {
                        return this.concat()
                    }
                }), D).AG = x[D.V](D.hG, {
                    value: {
                        value: {}
                    }
                }), []), 0); 289 > n; n++) M[n] = String.fromCharCode(n);
            C(D, (F(D, (F((F(D, (U(D, (d(D, 239, (U(D, 331, (U(D, (U(D, 144, (U(D, (U(D, 17, (U(D, (U(D, 325, (d(D, 161, [160, (d(D, (U(D, (D.sH = (U(D, (U(D, 223, (d(D, 424, (d(D, 143, (U(D, (d(D, 434, (d(D, 352, (U(D, (U(D, 194, (U(D, 370, (d(D, 437, (U(D, 95, ((U(D, 154, (U((U(D, 21, (U(D, (U(D, 175, (U(D, 129, (U(D, 280, (d((d(D, 100, (D.iy = (d(D, 141, (U((U(D, (D.j5 = (d(D, (d(D, (D.T = (D.FY = false, (D.O = 0, D.G = [], D.D = (D.zX = function(T) {
                this.h = T
            }, D.B = false, D.C = 0, void 0), (D.fe = [], D).j = (D.R = ((D.F = void 0, D).J = 1, 0), n = (D.W = false, D.X = 25, window.performance || {}), D.N = [], (D.h = D, D).L = void 0, (D.QZ = 0, D.Z = 0, D.s = [], D).S = ((D.Y = 8001, D).v = void 0, void 0), D.U = [], void 0), D.A = (D.u = (D.K = [], 0), 0), D).I = void 0, D.Hn = n.timeOrigin || (n.timing || {}).navigationStart || 0, null), 411), 0), 415), 0), 0), U(D, 483, function() {}), 360), function(T, e, g, h) {
                h = (e = B(T, (g = (h = (e = c(T), c(T)), c(T)), e)), B(T, h)), d(T, g, e in h | 0)
            }), D), 202, function(T, e, g, h) {
                d(T, (g = B(T, (h = B(T, (e = (h = c((g = c(T), T)), c(T)), h)), g)) == h, e), +g)
            }), {})), 0), 0)), D), 27, 438), function(T, e, g, h, a) {
                for (h = c(T), g = mt(T), a = [], e = 0; e < g; e++) a.push(P(T));
                d(T, h, a)
            })), function(T, e, g, h, a, Y) {
                u(true, e, T, false) || (g = hu(T.h), e = g.qK, h = g.UH, Y = g.g, a = Y.length, g = g.P, h = 0 == a ? new h[g] : 1 == a ? new h[g](Y[0]) : 2 == a ? new h[g](Y[0], Y[1]) : 3 == a ? new h[g](Y[0], Y[1], Y[2]) : 4 == a ? new h[g](Y[0], Y[1], Y[2], Y[3]) : 2(), d(T, e, h))
            })), function(T, e, g, h) {
                if (e = T.fe.pop()) {
                    for (g = P(T); 0 < g; g--) h = c(T), e[h] = T.U[h];
                    T.U = (e[424] = (e[261] = T.U[261], T.U)[424], e)
                } else d(T, 411, T.A)
            })), 127), function(T, e, g, h) {
                !u(true, e, T, false) && (e = hu(T), g = e.P, h = e.UH, T.h == T || g == T.zX && h == T) && (d(T, e.qK, g.apply(h, e.g)), T.u = T.H())
            }), function(T, e, g, h, a, Y, y) {
                for (Y = (h = (g = mt((e = c(T), T)), a = "", y = B(T, 322), y.length), 0); g--;) Y = ((Y | 0) + (mt(T) | 0)) % h, a += M[y[Y]];
                d(T, e, a)
            })), D), 336, function(T) {
                ll(4, T)
            }), function(T, e) {
                e0((e = B(T, c(T)), T.h), e)
            })), U(D, 69, function(T) {
                ll(3, T)
            }), U)(D, 6, function(T, e, g) {
                d(T, (g = GH((g = B(T, (g = c(T), e = c(T), g)), g)), e), g)
            }), function(T, e, g, h, a) {
                d(T, (e = B(T, (h = B((a = B(T, (a = (e = c((h = c((g = c(T), T)), T)), c(T)), a)), T), h), e)), g), Wh(e, a, T, h))
            })), [])), function(T) {
                ZG(1, T)
            })), function(T, e, g, h) {
                (h = c((e = (g = c(T), P(T)), T)), d)(T, h, B(T, g) >>> e)
            })), 201), function(T, e, g, h) {
                d(T, (g = B(T, (e = B(T, (e = c(T), h = c(T), e)), h)), h), g + e)
            }), [0, 0, 0])), 0)), 151), function(T, e, g, h) {
                (h = (e = c(T), c)(T), g = c(T), T).h == T && (g = B(T, g), h = B(T, h), B(T, e)[h] = g, 394 == e && (T.S = void 0, 2 == h && (T.I = z(T, 32, false), T.S = void 0)))
            }), q)), 2048)), function(T, e, g, h) {
                d(T, (e = (h = c((g = c(T), T)), c(T)), e), B(T, g) || B(T, h))
            })), 215), function(T, e, g) {
                u(true, e, T, false) || (e = c(T), g = c(T), d(T, g, function(h) {
                    return eval(h)
                }(EL(B(T.h, e)))))
            }), 0), 86), function(T, e, g, h) {
                g = B(T, (e = c((g = c(T), T)), h = c(T), g)), e = B(T, e), d(T, h, g[e])
            }), 261), []), 0), 0]), function(T, e) {
                T = B((e = c(T), T).h, e), T[0].removeEventListener(T[1], T[2], O)
            })), 145), function(T) {
                UL(4, T)
            }), function(T, e, g, h, a, Y) {
                if (!u(true, e, T, true)) {
                    if ("object" == GH((T = (g = B((Y = (e = (e = (Y = c(T), g = c(T), c(T)), a = c(T), B(T, e)), B(T, Y)), T), g), B(T, a)), Y))) {
                        for (h in a = [], Y) a.push(h);
                        Y = a
                    }
                    for (a = (e = 0 < e ? e : 1, h = 0, Y).length; h < a; h += e) g(Y.slice(h, (h | 0) + (e | 0)), T)
                }
            })), 171), function(T, e, g, h, a, Y, y, Q, m, Z, W, G) {
                function N(H, b) {
                    for (; y < H;) m |= P(T) << y, y += 8;
                    return b = m & (y -= H, (1 << H) - 1), m >>= H, b
                }
                for (G = (W = (Z = (h = (y = (g = c(T), m = 0), (N(3) | 0) + 1), N)(5), 0), Q = [], 0); G < Z; G++) Y = N(1), Q.push(Y), W += Y ? 0 : 1;
                for (G = (e = (W = ((W | 0) - 1).toString(2).length, []), 0); G < Z; G++) Q[G] || (e[G] = N(W));
                for (W = 0; W < Z; W++) Q[W] && (e[W] = c(T));
                for (a = []; h--;) a.push(B(T, c(T)));
                U(T, g, function(H, b, t, R, dn) {
                    for (b = (dn = (t = [], []), 0); b < Z; b++) {
                        if (!Q[R = e[b], b]) {
                            for (; R >= t.length;) t.push(c(H));
                            R = t[R]
                        }
                        dn.push(R)
                    }
                    H.j = qO(H, (H.D = qO(H, a.slice()), dn))
                })
            }), function(T, e, g, h, a) {
                (h = (e = B(T, (a = (h = c((g = c(T), T)), e = c(T), c)(T), g = B(T.h, g), a = B(T, a), e)), B(T, h)), 0 !== g) && (e = Wh(a, 1, T, e, g, h), g.addEventListener(h, e, O), d(T, 434, [g, h, e]))
            })), 102), function(T, e, g) {
                (g = B(T, (g = c((e = c(T), T)), g)), 0 != B(T, e)) && d(T, 411, g)
            }), d(D, 114, f(4)), function(T, e, g) {
                d(T, (e = c((g = c(T), T)), e), "" + B(T, g))
            })), D)), 15), function(T) {
                ZG(4, T)
            }), [TH])), D), [K, A]), [Q1, I])), true), true)
        },
        V = function(A, I, D, n, M, T) {
            if (!A.B) {
                if (3 < (I = B(A, (D = (M = B((n = void 0, I && I[0] === w && (D = I[1], n = I[2], I = void 0), A), 261), 0 == M.length && (T = B(A, 415) >> 3, M.push(D, T >> 8 & 255, T & 255), void 0 != n && M.push(n & 255)), ""), I && (I.message && (D += I.message), I.stack && (D += ":" + I.stack)), 424)), I)) {
                    A.h = (n = (D = il((I -= (D = D.slice(0, (I | 0) - 3), (D.length | 0) + 3), D)), A).h, A);
                    try {
                        S(L(2, D.length).concat(D), A, 114, 9)
                    } finally {
                        A.h = n
                    }
                }
                d(A, 424, I)
            }
        },
        ll = function(A, I, D, n, M) {
            (n = (D = c((M = A & 3, A &= 4, I)), c(I)), D = B(I, D), A) && (D = il("" + D)), M && S(L(2, D.length), I, n), S(D, I, n)
        },
        NO = function(A, I, D, n) {
            try {
                n = A[((I | 0) + 2) % 3], A[I] = (A[I] | 0) - (A[((I | 0) + 1) % 3] | 0) - (n | 0) ^ (1 == I ? n << D : n >>> D)
            } catch (M) {
                throw M;
            }
        },
        O = {
            passive: true,
            capture: true
        },
        sL = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        K = [],
        r = [],
        DG = ((E.prototype.uy = void 0, E.prototype).l = "toString", []),
        J = [],
        v = [],
        TH = [],
        w = (E.prototype.Ce = void 0, {}),
        Q1 = (E.prototype.Da = false, []),
        wn = [],
        Ph = (((((MO, function() {})(f), function() {})(NO), function() {})(Y0), E).prototype.V = "create", void 0),
        x = w.constructor,
        bl = (((((((X = E.prototype, X.Iz = function() {
            return Math.floor(this.Z + (this.H() - this.C))
        }, X.yZ = function(A, I, D, n, M, T) {
            for (T = [], D = n = 0; n < A.length; n++)
                for (M = M << I | A[n], D += I; 7 < D;) D -= 8, T.push(M >> D & 255);
            return T
        }, X).H = (window.performance || {}).now ? function() {
            return this.Hn + window.performance.now()
        } : function() {
            return +new Date
        }, X).gd = function(A, I, D, n, M) {
            for (M = n = 0; n < A.length; n++) M += A.charCodeAt(n), M += M << 10, M ^= M >> 6;
            return n = (A = (M += M << 3, M ^= M >> 11, M) + (M << 15) >>> 0, new Number(A & (1 << I) - 1)), n[0] = (A >>> I) % D, n
        }, X).o = function(A, I, D, n, M) {
            if (D = "array" === GH(D) ? D : [D], this.F) A(this.F);
            else try {
                M = !this.G.length, n = [], F(this, [J, n, D]), F(this, [v, A, n]), I && !M || C(this, true, I)
            } catch (T) {
                k(this, T), A(this.F)
            }
        }, X.TX = function() {
            return Math.floor(this.H())
        }, X.MK = function(A, I, D) {
            return ((I ^= I << 13, I ^= I >> 17, I = (I ^ I << 5) & D) || (I = 1), A) ^ I
        }, E).prototype.i = function(A, I) {
            return Ph = (A = (I = {}, {}), function() {
                    return I == A ? -22 : -12
                }),
                function(D, n, M, T, e, g, h, a, Y, y, Q, m, Z, W, G) {
                    I = (T = I, A);
                    try {
                        if (a = D[0], a == K) {
                            g = D[1];
                            try {
                                for (G = Q = (e = (m = [], atob)(g), 0); G < e.length; G++) W = e.charCodeAt(G), 255 < W && (m[Q++] = W & 255, W >>= 8), m[Q++] = W;
                                (this.A = (this.s = m, this).s.length << 3, d)(this, 394, [0, 0, 0])
                            } catch (N) {
                                V(this, N, 17);
                                return
                            }
                            ng(this, 8001)
                        } else if (a == J) D[1].push(B(this, 161).length, B(this, 437).length, B(this, 114).length, B(this, 424)), d(this, 141, D[2]), this.U[307] && gn(B(this, 307), 8001, this);
                        else {
                            if (a == v) {
                                M = L(2, ((m = D[2], B(this, 161).length) | 0) + 2), y = this.h, this.h = this;
                                try {
                                    h = B(this, 261), 0 < h.length && S(L(2, h.length).concat(h), this, 161, 10), S(L(1, this.J), this, 161, 109), S(L(1, this[v].length), this, 161), e = 0, n = B(this, 114), e -= (B(this, 161).length | 0) + 5, e += B(this, 100) & 2047, 4 < n.length && (e -= (n.length | 0) + 3), 0 < e && S(L(2, e).concat(f(e)), this, 161, 15), 4 < n.length && S(L(2, n.length).concat(n), this, 161, 156)
                                } finally {
                                    this.h = y
                                }
                                if (((G = f(2).concat(B(this, 161)), G)[1] = G[0] ^ 6, G)[3] = G[1] ^ M[0], G[4] = G[1] ^ M[1], Z = this.GX(G)) Z = "!" + Z;
                                else
                                    for (e = 0, Z = ""; e < G.length; e++) Y = G[e][this.l](16), 1 == Y.length && (Y = "0" + Y), Z += Y;
                                return d(this, 424, (B(this, (B(((Q = Z, B)(this, 161).length = m.shift(), this), 437).length = m.shift(), 114)).length = m.shift(), m.shift())), Q
                            }
                            if (a == DG) gn(D[1], D[2], this);
                            else if (a == r) return gn(D[1], 8001, this)
                        }
                    } finally {
                        I = T
                    }
                }
        }(), E.prototype).OH = 0, E.prototype.EH = 0, E.prototype).GX = function(A, I, D, n) {
            if (D = window.btoa) {
                for (I = "", n = 0; n < A.length; n += 8192) I += String.fromCharCode.apply(null, A.slice(n, n + 8192));
                A = D(I).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else A = void 0;
            return A
        }, /./),
        k0, rn = K.pop.bind((E.prototype[Q1] = [0, 0, 1, 1, 0, 1, 1], E.prototype[J])),
        EL = ((k0 = pg(E.prototype.V, (bl[E.prototype.l] = rn, {get: rn
        })), E.prototype).e5 = void 0, function(A, I) {
            return (I = I3()) && 1 === A.eval(I.createScript("1")) ? function(D) {
                return I.createScript(D)
            } : function(D) {
                return "" + D
            }
        })(q);
    40 < (l = q.botguard || (q.botguard = {}), l.m) || (l.m = 41, l.bg = Bh, l.a = a3), l.yDq_ = function(A, I, D) {
        return [(D = new E(A, I), function(n) {
            return Hh(n, D)
        })]
    };
}).call(this);
#4 JavaScript::Eval (size: 22) - SHA256: 76fa5194b42930d151e7569cc0b9f77ea02344fef8104bda49d4318b5b438698
0,
function(T) {
    UL(1, T)
}
#5 JavaScript::Eval (size: 22) - SHA256: 94ad18c1a336e08a4bfce57073e3f008391b324ebf524e0e7069827f300b075d
0,
function(T) {
    UL(2, T)
}

Executed Writes (0)


HTTP Transactions (95)


Request Response
                                        
                                            GET /aqq/docusign/docusign/ HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         151.101.130.159
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Connection: keep-alive
Content-Length: 162
Location: https://claimwell.com/aqq/docusign/docusign/
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: ogapwyqe2r
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Sun, 13 Nov 2022 12:55:13 GMT
X-Served-By: cache-bma1672-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1668344113.188572,VS0,VE2
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12966
Expires: Sun, 13 Nov 2022 16:31:19 GMT
Date: Sun, 13 Nov 2022 12:55:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3067
Cache-Control: max-age=167235
Date: Sun, 13 Nov 2022 12:55:13 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 11:22:28 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6548
Expires: Sun, 13 Nov 2022 14:44:21 GMT
Date: Sun, 13 Nov 2022 12:55:13 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 13 Nov 2022 12:44:20 GMT
cache-control: public,max-age=3600
age: 653
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 2TvEvPrmcKsLGZt0YmFuCNW8okCv5l4hfEA7SPc+ppTuMgXySbYN3IYPY/8j5zWGihcKiGVsOyM=
x-amz-request-id: NH47VDK451Z60317
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 13 Nov 2022 12:50:41 GMT
age: 272
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 13 Nov 2022 12:55:13 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 13 Nov 2022 12:25:00 GMT
cache-control: public,max-age=3600
age: 1813
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2450
Cache-Control: max-age=161549
Date: Sun, 13 Nov 2022 12:55:13 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 09:47:42 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /aqq/docusign/docusign/ HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         151.101.130.159
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
cache-control: no-cache, must-revalidate, max-age=0
link: <https://claimwell.com/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668344113.432662,VS0,VE706
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 13706
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8489)
Size:   13706
Md5:    64dafaf7b564406c318df19749d1a56f
Sha1:   ec2404c6d22e5278b3729e523357c478a365da12
Sha256: a956b12f5e58a06e4f19ad9d43f737710d9a7f0c11dd15b3671456193e5ee9e3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WAdB23cUaz0kOtHzxZUkHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.189.35.180
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XY/g82s6tsp7fZUWKrnFnVq18Dk=

                                        
                                            GET /wp-content/plugins/formidable/css/formidableforms.css?ver=10242250 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:50:53 GMT
etag: W/"635716cd-cc9c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.243523,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10150
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (52279)
Size:   10150
Md5:    327656c6623189eb218b3a05b4a7ac28
Sha1:   021dce514a3506e9fcb547cbbcb6ceb08df69c4b
Sha256: 6fd36dfdab0fd0e28e65ff4818da4820c6acb6e9597ca17ef6e931ba853cba29

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/assets/icons/icons.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-d147"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.243502,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8578
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8578
Md5:    6dbc0f0655775fc588d0784519520f25
Sha1:   74db90c46ed1888978b16eb4d6505a64d2d29889
Sha256: 96cb95468d35fd20563225b3838ab15c7a12a18f03e8b87d1ce0235b6d722dfb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/css/global.css?ver=1666651795 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-656"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.244127,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1621)
Size:   321
Md5:    e42d16a433ebd4cfc77d6fb73dfaff9c
Sha1:   701b9f69df90a90570e72da552218fe9695cdf13
Sha256: 6eaa3417104d1fe73f61c14b4f46e5663b7b2a3babd76109ec504681ae280f00
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.245019,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   13906
Md5:    1047dd6779111ec73736abd71a40fef9
Sha1:   e08643922ce9a1a488f2a72c0341807f59f7528e
Sha256: d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-4b4f"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.246622,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4343
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19233)
Size:   4343
Md5:    604fd8fa6bb661c05803395e60da945e
Sha1:   5026347d7d843b0cf1d969674dcce39fa798f1f6
Sha256: 1cde42ac7a1ff03a443a2ab4d73fefc03c962aea0f9f3745256d9f3eef2d1d8b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-308"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.245848,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 335
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   335
Md5:    844db2405eae764da7a0eff19010ea8e
Sha1:   1fffb2a992d9fa84f0ea5a7afcbbdefbc59e238c
Sha256: 6421a7f673a09c660f6de4c37a4ac770239bac9ad46b87c75fdee466f09553c8
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-27687"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.248683,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23565
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   23565
Md5:    3c3a7fde2c8c53f39bc2291f6abf140d
Sha1:   73ec7f561448784f9776dd954b7e9e0b8b8b82a5
Sha256: da82ebd0bf834cfa45fc99db134763c67f27c4c756201288ae52ea686c4c18df

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-35ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.247748,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 967
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   967
Md5:    85c186d70976153b68df9fac46944882
Sha1:   ffc8003843cfdb2e6062cf4289d8db213b7497c7
Sha256: 519b04684c2ced5330630bdf9a688c3dfb26c3a9677064a3384c49cc224c2d02
                                        
                                            GET /wp-content/uploads/elementor/css/post-465.css?ver=1667319843 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:24:03 GMT
etag: W/"63614823-6be"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.249512,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 473
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1726), with no line terminators
Size:   473
Md5:    2c31fb561e68949df39926d64829cbc0
Sha1:   1708a86fd4b7a328222cc257e0152a4b4c52acd4
Sha256: 5fbd8f2754092f0c96ddf8c4df98a2f4b303ef07fa7cb3f197d1b0a195127847
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-78bee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.250411,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 53064
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   53064
Md5:    43cb961ce14b870c73851b62422e1969
Sha1:   796c81ab818410e4f123d7791c869bb4f091c5a3
Sha256: 6abf269f3316b1f09660d9408aafd7601f07d987ea20156fe7f1db5396745ed4
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e7d0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.251122,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14284
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   14284
Md5:    25b37bc500e807c9f09d41f36d06a3ad
Sha1:   008541e3bc221a9e0cfa873248ee4dc05b563d8e
Sha256: 1033a30450338e77b9c322f9ae9ad68b50f801272bef293933d6135f9126aa13

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-684e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.255711,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4632
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26516)
Size:   4632
Md5:    374f31e96b90b8ae2792847d6f03ad7a
Sha1:   70735fd696d11f13de395e43c81b026d9c86528e
Sha256: 1192a2e289e37356ef9077427b1cd1ca3b950dd95f163459bc9c16f679989088

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-4c6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.257460,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 456
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   456
Md5:    ed50d0b8f686c12f99af00f219a76b85
Sha1:   fab2c67ea39365dde11acbeda939187db4eedb8b
Sha256: 98c0713ed54c191d8a0868b6a6f103b133a81c2593758ed71cabcbb700423106

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/elementor/css/post-5004.css?ver=1667319981 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:26:21 GMT
etag: W/"636148ad-85b2"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.258156,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3119
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11072)
Size:   3119
Md5:    925a76356addac87430f5bbb1a45a575
Sha1:   cf44e04548456d25eb9af9d884a56c072eb1d468
Sha256: e4d6e25f69067d9a972e15e1e39f49b8641d9b236faf99237298f3bef26d115f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-13c18"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.258715,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10454
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   10454
Md5:    66108675e6ad3f63704e02654048874c
Sha1:   14c327d135aab85d7a9e0ab0b5873083eca7f0d0
Sha256: f0c5bd1483c4986014973afd3f1fbcb8aaf750a4b560608c7cb8e6a06efd5659

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 24 Oct 2022 22:49:39 GMT
etag: W/"63571683-127a4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.258796,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9576
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1646)
Size:   9576
Md5:    eedfe054bcb463863781057ab6f69abb
Sha1:   448c2e7bab71dc8312c51536855e702b0eb9c515
Sha256: 88d7bd229f33e561df4a16846334228f0183334ab25813ee8022bd4fdb045867

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-d69"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.260711,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 876
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3432)
Size:   876
Md5:    1485a50ba7eb9b0552c47212ac9e1f8d
Sha1:   20114142c5961b11782d0473d7eddbb5ea2fe857
Sha256: 036dc37c7c15dd4c5666eb283a674fe5eab437db700916680cdc59082b40810e
                                        
                                            GET /wp-content/themes/stratusx/assets/css/app.css?ver=1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-44269"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.260949,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 54340
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64784)
Size:   54340
Md5:    b2a3c4cd86a0bb706664510786d694e9
Sha1:   a7a2630965f395757ed0103d2567277947475b03
Sha256: 70f9fc283cde3260f98401c7aea5dafa6dba243a6b9f6fa6131f611a430c3f27
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.268151,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 312
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (483)
Size:   312
Md5:    1a5f57a3c279130e5385dc23c63480ca
Sha1:   495d0b9326b42d552932276b815779bbc09d7083
Sha256: 6f5b533f1629e50e5fe7e2e9ede37072b0f9d65e439d0d56d43daa4373d1d745

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-3acf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.268403,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4631
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14869)
Size:   4631
Md5:    499ded81ca80920c1b3521598e259548
Sha1:   d6b47dce6475ee2b47e16ee211efab0e65b665ca
Sha256: b7e9f78215fd2ffd092c2c5c456ade5e3f293b6411f6279caf40e3fb247b8fe1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-e238"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.268072,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13975
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57726)
Size:   13975
Md5:    2f0b07689b34366c1b04e9c84cc2b54c
Sha1:   0a49469573f7add891658c75253a4b68953925e5
Sha256: 6bddc997475f4020265128478b59384b44792a0f986d6a04cd79722b99f2f55f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.268300,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 311
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (489)
Size:   311
Md5:    c58b23e189e3c7cf45cb7014e704d05b
Sha1:   e6850968edf763aafe862a226a0a3380f4827488
Sha256: 6ba81ab0941a10e6bb1a48b83f30ddaedba974c6609bec7210d9a27e4b3ef38d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.270168,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   34060
Md5:    22b0253c0ecce70e41e296d176b0d972
Sha1:   a161c363d2092739db21bfeb2cf23c980ec71580
Sha256: 181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-7917"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.259341,VS0,VE13
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7780
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   7780
Md5:    73e38ca778aab03265ab5c8c5922b3d3
Sha1:   d55aa22c1227719a6a5239b5f2c0251fc563d7e0
Sha256: 0d49cde3035dbb3baf30ac0e801b8a21175072224f0192675dabeda3b7159814

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-4824"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.305833,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2945
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10019)
Size:   2945
Md5:    6a41a891222b20ffa888a263dadd9541
Sha1:   0a60e8f24954286903a61455c3b5dee0aed7893e
Sha256: 66f99b0608e47e9e1ecd50287f529a11b830d7e561b52da7f697fd91d7995db0
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-2fa6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.305809,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3281
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12198), with no line terminators
Size:   3281
Md5:    e7e06a56acbe48a5e94540829d446734
Sha1:   a62e3d7ea0dbd0a3e771f419377882aee5512e67
Sha256: 42ba07f11715edb58a365296c32ae85230bb28f164a34f561f295cbceb1f5981
                                        
                                            GET /wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-2b02"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306135,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3261
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3261
Md5:    aa423480c0248f90c164e37b73c1b1a5
Sha1:   ceb372bc26ddb3bd72a3a3beb5f6bf8f91df15da
Sha256: d87417f4e43bd80bbe3f6ed9973ebe7b7e25c5d425b479e088f767099cb43d3b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/js/main.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-2a55"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306589,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3808
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   3808
Md5:    c72620fb8f97d6bcf2e405ed3e3e6ab7
Sha1:   eb51b8f6f793f0e19996870943f7a7933e2ee6a6
Sha256: 582b18057eb11108c5082817e9f3a6857afb6f6d7e76f92407a1d94df5e0b06d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 22 Nov 2021 21:02:06 GMT
etag: W/"619c054e-1d211"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306440,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 35932
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   35932
Md5:    8fabaacc1c210aec94b2224eb0434878
Sha1:   54e630b5711d880f85b9640f04df89d9d200cef9
Sha256: a2f4874e50eee01e2623ed6f20737b3e9207627d45a5ba16977ccdedd65d96f3
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:49 GMT
etag: W/"636147d9-1f4e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306272,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8014), with no line terminators
Size:   3000
Md5:    44cf56521abf6feb68df54afd572fba9
Sha1:   a5ba5bfd8c5fef35992d180830102c2e208713fb
Sha256: 8c5ab0acb7b0de7851ab139751ca2b8f2c3a042d1b74eeb593047199c0e5d0fb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-1472"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306940,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2439
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5191)
Size:   2439
Md5:    9a1f831972cf36eee6e2db70b9700bc4
Sha1:   0b5cbaed4bbae8e325a10b66afb502d025f7a297
Sha256: fdfd0da5acc22a7dae57774bbee36b0c85ba3c7a6f4fab18a1773ccb1e17fe89
                                        
                                            GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-135d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.307133,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2252
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4918)
Size:   2252
Md5:    9f4f8167378b3647579db7fdcd32222c
Sha1:   f39aed2f852126793181def8995a2f775b01e909
Sha256: 6e6e245457169f9ef416988e1569a55f965c750dda363ae567bd285a076ea6c9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-80b3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.307320,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 11599
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32907)
Size:   11599
Md5:    85b9957cfe29d6b964ee7d5fe7a721e5
Sha1:   2a7ceee62c538ed2cf691c1a63c1b39e86f45642
Sha256: eb64e609ea8c352fee372f74c1cea32033a25051f1d3fd41d0dd57a6f199f786

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-6272"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.306796,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7921
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25115)
Size:   7921
Md5:    980e80ed6ddbdc9807aea533c70bb286
Sha1:   5740cc3f4f32e6c07083b160e5e729ddca90b634
Sha256: 4a8490c04d4be66e5bb053e8f9483484cb5c798f93ef06f9f94aade11aa47533

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-194b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.307481,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2581
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6475), with no line terminators
Size:   2581
Md5:    cba765ca076cb13c7678f0293fb8a3da
Sha1:   98430a0a3db9c19a16f6940750a6738c4d00f962
Sha256: f68a3fba394baf3508e7987049a6037d9f3e212dc9698976df9fbeb5703379ab

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.1.14 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 24 Oct 2022 22:49:55 GMT
etag: W/"63571693-6384"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.305998,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4154
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4154
Md5:    fcddc76226a5d9daa33fa13cfd81a0dc
Sha1:   8204598ef91c5dd506ea28b13b2ee1826b115b3d
Sha256: 439623cc1a6b45a494093b92c6a5ae0a85cb7e2bbb46f7573ddf9a89a8161e18
                                        
                                            GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         
                                        


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   7559
Md5:    2059fe073bfc62ce84fe8fc1f42d35a9
Sha1:   68038ff5383ffde15542f57782d7a53c8de8bb48
Sha256: 543dbc6a5dd60032fb9d74beef1f7ac5f6cee543b6422b1f0928b9001d050eb8
                                        
                                            GET /wp-content/uploads/2020/12/Claimwell-Logo-Transparent-Large-1.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:02:00 GMT
etag: W/"619c0548-1bcee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.305572,VS0,VE5
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 104230
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2306 x 424, 8-bit/color RGBA, non-interlaced\012- data
Size:   104230
Md5:    f7e79308d3875abb64a47fc691a973af
Sha1:   eefa4db91c9cb04f7c0cf7b484a4c915b7dd1cac
Sha256: e07c06550c47f509ce42913360241e96cfddb1c085cbb7a9133e4e8b742a7c58
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-132e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.309577,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1736
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4875)
Size:   1736
Md5:    13d536181f99675ef7d13d91c86c24dd
Sha1:   c30ec279027b1dc05df149f3953b384f50a72a05
Sha256: 1192c8ec0e73df274d3ffb2302091f67d2a4fc15200a6fd138661dfd7cc2f222

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-27ee"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.330437,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4059
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4059
Md5:    feb20fa17603ebf83bd29bb99298c82f
Sha1:   1944c6bf9ad5f4283fcb221ada39438b8528f5a2
Sha256: eeffaf3cad83f30cadd4a89d66fcc4ea8e929330625ab40c6ac8a651e41eb595

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-50eb"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ogapwyqe2r
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.331771,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7442
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8189)
Size:   7442
Md5:    7070cf6c839a09af2a84f926dd2f95e1
Sha1:   2ac5f6312b4cc85f39804d4a61eeb00c2cced58e
Sha256: ed584ebba9826c2d9fb5078ca275ce47d05b2a9a1f075e7493526fe7fe458c4c
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-21f91"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.331748,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 40188
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65280)
Size:   40188
Md5:    9ed258a936a3d2ce45e94a8db42f9d31
Sha1:   6165e240ceb0f3dffff99e006e4bde5a5039cc9e
Sha256: 2a21ec91e4a5790ad487670a13f80e62d6d17b6725d13d0e23c33e10ddda2311
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-29ba"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.335281,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3713
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10544)
Size:   3713
Md5:    79154440db11a2fce12d7466816f540b
Sha1:   6936f61c5ec9b0fbb2c22f5b0360144200eee413
Sha256: f380628bae09ae5f189c9a3beadacd7e0f39606d086476bc21f76c8d69fef241
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:32 GMT
etag: W/"636147c8-9e41"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.335385,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13240
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40474)
Size:   13240
Md5:    4f77ab858523d1d3443d76a569cea6d2
Sha1:   eebca9a6d6c00a7f0db1f14678e3d2598de09ab1
Sha256: 11109fd617951d02cbaccfd9cc2773f0161e41d34169102b330051d23d280f25
                                        
                                            GET /gtag/js?id=UA-207882829-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Nov 2022 12:55:14 GMT
expires: Sun, 13 Nov 2022 12:55:14 GMT
cache-control: private, max-age=900
last-modified: Sun, 13 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43680
Md5:    7b528ee290676d73b604c80a3896b0d4
Sha1:   c9b0fba016654582dab2b255e106539b803e65f2
Sha256: f6a34998fe3f1dba5ad0072e4a32bf381c66cafaf5f266c8da1299884be04e65
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-21fe5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.335987,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 37202
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   37202
Md5:    02340f930982274cf203bd5faafd5718
Sha1:   8851158863d9a0636a8ced3a5fb4ec60127b4358
Sha256: a8e15d355da011379d9c28885e968aa40da870b1fc3603d96c7e5044a3307da6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /recaptcha/api.js?render=explicit&ver=3.8.0 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Sun, 13 Nov 2022 12:55:14 GMT
date: Sun, 13 Nov 2022 12:55:14 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 555
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (852), with no line terminators
Size:   555
Md5:    23996c866aead65e33ed090ffb8d81ed
Sha1:   0e3cfe0c25a44d24a8020f559a551affb5338939
Sha256: 33c3b3dbd237e93a7f997c36d8a616623c84fb6eb2f58a59ae999ff452e2d723
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:42 GMT
etag: W/"636147d2-54a3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.330570,VS0,VE10
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6308
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21624)
Size:   6308
Md5:    327334f1610e7beca3db87254e141ede
Sha1:   88aad29b5322ece8aa9c63c72d8a25e4744acf3c
Sha256: cecef52015c8fd37983e2e1afab16a577ebd4c1c0fbd6b073a58be6f43c46c52

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: W/"636147c9-a3c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.334663,VS0,VE6
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1163
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2620), with no line terminators
Size:   1163
Md5:    155e4f944ca10383b6595411b6dd9b73
Sha1:   7a350878d60b6574dc0b207ff5c40e9e1a833394
Sha256: 9b154543aa75cc39dced26c6e6cbc2e8f694299084b85c5ad35b489e3bcae14c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.0 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 01 Nov 2022 16:22:43 GMT
etag: W/"636147d3-ee1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344114.363790,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1654
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3808)
Size:   1654
Md5:    3dced5421d2d005599ac20da0c49316f
Sha1:   8cfdfe1cc93dd6be5ad99c901d89e428acf7b051
Sha256: e8554340ba7e8c478bf02d5c81b08bae64cf670b8b8bb2301482b3ac0fce36e2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-51ec"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.771005,VS0,VE2
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20972
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20972, version 1.1\012- data
Size:   20972
Md5:    a326c47c3038ee95e834af4137354081
Sha1:   328ed7688bb9083e97c264b52d3068a6cf320a53
Sha256: 7b39693e5b25e6747c407920eaf32ace22b70c5753dc45b33e9a2885d297cfb9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/fonts/raleway/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrcVIT9d4cw.woff HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Sat, 23 Jul 2022 05:00:47 GMT
etag: "62db807f-5180"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.782924,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 20864
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20864, version 1.1\012- data
Size:   20864
Md5:    d872d08bbb5a11b339c5c14eda86f4de
Sha1:   858a15f9f63acd7c67741fe86f897477290306f1
Sha256: d34f1dad21494ea58feed91aaef8cd744d0797f0fe60154d2c9856939f2be994

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-12bdc"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.793951,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 76764
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Size:   76764
Md5:    f7307680c7fe85959f3ecf122493ea7d
Sha1:   fce0da592a3e536d6d5df5b50cb513398d8c5161
Sha256: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://claimwell.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: application/octet-stream
                                        
last-modified: Tue, 01 Nov 2022 16:22:33 GMT
etag: "636147c9-13174"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.796743,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 78196
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Size:   78196
Md5:    e8a427e15cc502bef99cfd722b37ea98
Sha1:   a9922842a120a7f1eaced667480c5e185a106d69
Sha256: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/uploads/2020/10/a-1024x241.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:49 GMT
etag: W/"619c053d-aff1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.828343,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 44028
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1024 x 241, 8-bit/color RGBA, non-interlaced\012- data
Size:   44028
Md5:    3c4ab9e71dc0c051d61bdc3b9e9264ba
Sha1:   625f3545ff4663c169faf38c625db727dc0ddc4e
Sha256: 6a00c8213e237929e425ede6069f75f2b708d7717d6b08fbd1b9fdb1f63c6a3e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 21:13:13 GMT
expires: Tue, 07 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 488521
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size:   46524
Md5:    c1fd378f54921c75e4ae1821e7b8fff6
Sha1:   2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
Sha256: 405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
                                        
                                            GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 16:40:18 GMT
expires: Fri, 10 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 245696
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 13 Nov 2022 12:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-192x192.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:50 GMT
etag: W/"619c053e-25e6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.933881,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9704
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   9704
Md5:    d3c44e20247335b2179a6171915428e8
Sha1:   f972cd225c17c070f8b1d989845e3fad5b59027e
Sha256: d4fef434ff4efc0aeadeb237305f2beed46354d2eb76d3edcb30bde9cec0e314
                                        
                                            GET /wp-content/uploads/2020/10/cropped-fav-copy-32x32.png HTTP/1.1 
Host: claimwell.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://claimwell.com/aqq/docusign/docusign/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 22 Nov 2021 21:01:48 GMT
etag: W/"619c053c-43a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ogapwyqe2r
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Sun, 13 Nov 2022 12:55:14 GMT
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668344115.934622,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    c1c1b2b58335b19f77acca96d694e04a
Sha1:   5c8dc142b7c14d84d08327156571ac3ee6edfcb8
Sha256: 3e397180ce16774fc0a814fd3ddfadfd2875bdb0413cfdea17ae80980747687f
                                        
                                            GET /recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Nov 2022 09:37:41 GMT
expires: Mon, 13 Nov 2023 09:37:41 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 23:32:29 GMT
age: 11853
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (668)
Size:   162590
Md5:    70dc760a0efad09d703883a39f7683b2
Sha1:   2bc70f2a100ff27d27a89d563dfe279590c8336b
Sha256: 2bc59eab94309c59fba62afa40dfd841fb83760714e9ec7248ce3e10ae05fd19
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 13 Nov 2022 12:41:09 GMT
expires: Sun, 13 Nov 2022 14:41:09 GMT
cache-control: public, max-age=7200
age: 846
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6238
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 12:55:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6238
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 12:55:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6238
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 12:55:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6238
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 12:55:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6238
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 12:55:15 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11187
x-amzn-requestid: 475229e1-bbb5-43a0-8733-1140a99b6b6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIaqFFrIAMF7KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364baaa-4261a60e57ae0c4d7a62e5e9;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:09:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JN1YNJmiZpeJsUVH5sQhYw2rZbvvzxVrt2IgDxHro9z3CfcFeVCGg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 06:02:58 GMT
age: 24737
etag: "399ce32b1fdcdef9061bddb840663f35e39b919a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11187
Md5:    4f181df0e475c123b46f016d3c0bbaa5
Sha1:   399ce32b1fdcdef9061bddb840663f35e39b919a
Sha256: ed9ba753f718903cd997c027f58b63f41e32107367b22b03f964d7eecdf9ba16
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZLWa-RphwZqiAmeqffmEE8Mmfsfs9ZYz0bmANBEc5Ru1--VKDL4Fsw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:55 GMT
age: 54560
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11715
Md5:    cd5bdc050716bb76afe8090fc81617e7
Sha1:   5109c156b180727767fc03c411190ccc0d3fb5fc
Sha256: 9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0f558ca-3fcd-40ca-bb1c-ef126918959d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4122
x-amzn-requestid: 9340162b-fc1e-4f3d-a45e-8ebd9a4875e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqHqxoAMFzfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-25a4e62a6f8e87d103e35953;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hmlaoE2J_B_cu-dW_vYP1UWAgnGKgjOtzdNsNfydANBkuc5q4L6_HA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:04:43 GMT
age: 53432
etag: "91e8debd93ce098249d973807859993bd19bff62"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4122
Md5:    69f064e6ea676998a7371ceb25a310ed
Sha1:   91e8debd93ce098249d973807859993bd19bff62
Sha256: 2b12427099bccbdfaeb01104ce99185f91846f7112a4cf201481a300e1851e8a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa23e03e8-7a4b-473b-801f-39322d374478.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5149
x-amzn-requestid: 394f108e-48b9-4550-ab9f-5b4883792485
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIqfHOoIAMFlCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bb0f-648124d07e289043410f1dd0;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:11:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tW81M1o1m_OdLZJLg7dvgbaugRKYpHzHx-8R1g4YcGH74YnIquTuAQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 04:57:39 GMT
age: 28656
etag: "bf8de6c00f579baa320456bd0e79ab80978008bc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5149
Md5:    31a009393081c25d9afbde558a278ebf
Sha1:   bf8de6c00f579baa320456bd0e79ab80978008bc
Sha256: 90e81f6a10d3dbc56a45e9cfd65dbcd6bddf9e3ab526b4cca270bc2f26404950
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb74e86a9-6c63-4a82-8e8b-64abdadca859.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6729
x-amzn-requestid: 6ceabd9e-4ac5-4835-b112-4aaeb81c9576
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfNIEZkoAMFgGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63701253-0e9112ee682f0895683d80cb;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rgqstxXN7Y3hwQpctyn9jtlAnmhkC9zHQttCLjLJmjWKT09m1whn4A==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:04:44 GMT
age: 53431
etag: "a91bbc712fc0194b44d33fb7e04e49724ddfe14a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6729
Md5:    2e9320a4be9c69eeda4a855b5a9535a5
Sha1:   a91bbc712fc0194b44d33fb7e04e49724ddfe14a
Sha256: 7aa0049111b04d0514dd3378ebe62bf3207b8725a6c1facf3d07ab465c6a6095
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2942789-3784-432b-a380-73951d12767a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8582
x-amzn-requestid: e82ca80b-e945-4c56-a8f8-0c139aae8e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqEh8IAMFeSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-400c01252ab480d9366a9410;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XhzX6HVmgnoesOaTa40kRgxZziVaT8odcVPIPfVT9Fa7zj0DoG5XBQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:58:03 GMT
age: 53832
etag: "98eebc284e7a7817cc3397a40defaf7f2cc2f9af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8582
Md5:    93d4c9b75e8e21151056247b8a76e1d5
Sha1:   98eebc284e7a7817cc3397a40defaf7f2cc2f9af
Sha256: 621a65a13db5f93806e90094ca71a82eb586f383950278a0cbed3dba2a8fb9f6
                                        
                                            POST /g/collect?v=2&tid=G-1FHZ4B327M&gtm=2oeb90&_p=1366099713&gdid=dZTNiMT&cid=2019937400.1668344114&ul=en-us&sr=1280x1024&_s=1&sid=1668344114&sct=1&seg=0&dl=https%3A%2F%2Fclaimwell.com%2Faqq%2Fdocusign%2Fdocusign%2F&dt=Page%20not%20found%20-%20Claimwell%20Technologies%20Inc.&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://claimwell.com
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://claimwell.com
date: Sun, 13 Nov 2022 12:55:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /css?family=Raleway%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://claimwell.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Nov 2022 12:55:14 GMT
date: Sun, 13 Nov 2022 12:55:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---