claims.swiftcover.com Open in urlscan Pro
85.159.155.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://claims.swiftcover.com/
Effective URL:
https://claims.swiftcover.com/Session/UnauthorisedUser
Submission: On January 28 via automatic, source certstream-suspicious (January 28th 2022, 12:21:37 pm UTC) — Scanned from GB

Summary HTTP 44 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 18 domains to perform 44 HTTP transactions. The main IP is 85.159.155.43, located in Tonbridge, United Kingdom and belongs to AXA_INSURANCE, GB. The main domain is claims.swiftcover.com.
TLS certificate: Issued by Thawte RSA CA 2018 on June 9th 2020. Valid for: 2 years.

This is the only time claims.swiftcover.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Axa (Insurance)

Domain & IP information

	IP Address	AS Autonomous System
1 14	85.159.155.43 85.159.155.43	34746 (AXA_INSUR...) (AXA_INSURANCE)
2	2a00:1450:400... 2a00:1450:4007:807::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:fb:... 2a02:26f0:fb:5a3::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	104.89.17.148 104.89.17.148	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2a00:1450:400... 2a00:1450:4007:815::2004	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba22	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:231... 2600:9000:2315:8200:f:8ce2:fb80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	52.212.141.157 52.212.141.157	16509 (AMAZON-02) (AMAZON-02)
1	52.2.252.209 52.2.252.209	14618 (AMAZON-AES) (AMAZON-AES)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	40.91.78.9 40.91.78.9	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.236.186.218 52.236.186.218	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:36::15	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
4 4	216.58.215.102 216.58.215.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:401... 2a00:1450:401b:800::2002	15169 (GOOGLE) (GOOGLE)
44	22

14 85.159.155.43 (Tonbridge, United Kingdom) 1 redirects

ASN34746 (AXA_INSURANCE, GB)

claims.swiftcover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4007:807::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb:5a3::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.17.148 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-17-148.deploy.static.akamaitechnologies.com

a247752487.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4007:815::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba22 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:8200:f:8ce2:fb80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.dwin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.141.157 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-141-157.eu-west-1.compute.amazonaws.com

c0.adalyser.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.2.252.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-252-209.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.91.78.9 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.236.186.218 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::15 (United States)

ASN15169 (GOOGLE, US)

sgtm.axa.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.215.102 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: waw02s17-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:401b:800::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	swiftcover.com 1 redirects claims.swiftcover.com	2 MB
7	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 ad.doubleclick.net — Cisco Umbrella Rank: 195	2 KB
4	clarity.ms 1 redirects i.clarity.ms — Cisco Umbrella Rank: 2238 c.clarity.ms — Cisco Umbrella Rank: 917	24 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 546 www.linkedin.com — Cisco Umbrella Rank: 647 px4.ads.linkedin.com — Cisco Umbrella Rank: 5501	3 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 385 c.bing.com — Cisco Umbrella Rank: 273	12 KB
4	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	1 KB
3	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 641 a247752487.cdn.optimizely.com logx.optimizely.com — Cisco Umbrella Rank: 1235	98 KB
2	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3223	565 B
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 887	304 B
2	adalyser.com c0.adalyser.com — Cisco Umbrella Rank: 26812	13 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	37 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	141 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
1	axa.co.uk sgtm.axa.co.uk	805 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	295 B
1	dwin1.com www.dwin1.com — Cisco Umbrella Rank: 4559	8 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1098	2 KB
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 1928	22 KB
44	18

	Domain	Requested by
14	claims.swiftcover.com	1 redirects claims.swiftcover.com az416426.vo.msecnd.net
4	ad.doubleclick.net	4 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com claims.swiftcover.com
2	adservice.google.com
2	www.google.co.uk
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	c.clarity.ms	1 redirects claims.swiftcover.com
2	i.clarity.ms	bat.bing.com az416426.vo.msecnd.net
2	px.ads.linkedin.com	2 redirects
2	c0.adalyser.com	claims.swiftcover.com
2	connect.facebook.net	claims.swiftcover.com connect.facebook.net
2	googleads.g.doubleclick.net	1 redirects claims.swiftcover.com
2	www.google.com	2 redirects
2	www.googletagmanager.com	claims.swiftcover.com www.googletagmanager.com
2	fonts.googleapis.com	claims.swiftcover.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	sgtm.axa.co.uk	az416426.vo.msecnd.net
1	c.bing.com	1 redirects
1	www.facebook.com	claims.swiftcover.com
1	px4.ads.linkedin.com	claims.swiftcover.com
1	www.linkedin.com	1 redirects
1	logx.optimizely.com	az416426.vo.msecnd.net
1	www.dwin1.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	a247752487.cdn.optimizely.com	cdn.optimizely.com
1	az416426.vo.msecnd.net	claims.swiftcover.com
1	cdn.optimizely.com	claims.swiftcover.com
44	27

This site contains links to these domains. Also see Links.

Domain
www.axa.co.uk

Subject Issuer	Validity	Valid
claims.swiftcover.com Thawte RSA CA 2018	`2020-06-09` - `2022-06-14`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.dwin1.com Amazon	`2021-11-19` - `2022-12-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.adalyser.com Thawte RSA CA 2018	`2021-06-11` - `2022-07-12`	a year	crt.sh
logx.optimizely.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 01	`2021-07-22` - `2022-07-22`	a year	crt.sh
sgtm.axa.co.uk GTS CA 1D4	`2022-01-18` - `2022-04-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://claims.swiftcover.com/Session/UnauthorisedUser
Frame ID: FBC522FF5DF3DD26B9C7836AB5734756
Requests: 42 HTTP requests in this frame

Frame: https://a247752487.cdn.optimizely.com/client_storage/a247752487.html
Frame ID: 6C246914493D1DBF7013B579A7CC4FEA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unauthorised User | AXA UK

Page URL History Show full URLs

https://claims.swiftcover.com/ HTTP 302
https://claims.swiftcover.com/Session/UnauthorisedUser Page URL

Detected technologies

AWIN (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

dwin1\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

Page Statistics

44
Requests

86 %
HTTPS

64 %
IPv6

18
Domains

27
Subdomains

22
IPs

6
Countries

1906 kB
Transfer

4318 kB
Size

33
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.axa.co.uk/cookie-policy/
Title: Cookie policy

Search URL Search Domain Scan URL

URL: https://www.axa.co.uk/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.axa.co.uk/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.axa.co.uk/terms-and-conditions/
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://www.axa.co.uk/regulated/
Title: Regulated

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://claims.swiftcover.com/ HTTP 302
https://claims.swiftcover.com/Session/UnauthorisedUser Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://www.google.com/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090.1643372490 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090.1643372490

Request Chain 26

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2764153%26time%3D1643372489851%26url%3Dhttps%253A%252F%252Fclaims.swiftcover.com%252FSession%252FUnauthorisedUser%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true&e_ipv6=AQJxpBPVt3fptwAAAX6goinxYINPmD6g8n5Fbjki50WmTbjQk9RM19L7H0JnmoSx

Request Chain 31

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&RedC=c.clarity.ms&MXFR=0936082977486AA52C50191373486483 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&MUID=3FB2DC276BAA68BD3207CD1D6A066954

Request Chain 40

https://ad.doubleclick.net/activity;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=92714156.1643372490;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=92714156.1643372490;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser

Request Chain 41

https://ad.doubleclick.net/activity;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=92714156.1643372490;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=92714156.1643372490;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser

Request Chain 42

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1059897644/?random=1643372490338&cv=10&fst=1643372490338&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ref=&tiba=Unauthorised%20User%20%7C%20AXA%20UK HTTP 302
https://www.google.com/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ref=&tiba=Unauthorised%20User%20%7C%20AXA%20UK&is_vtc=1&random=3116291941 HTTP 302
https://www.google.co.uk/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ref=&tiba=Unauthorised%20User%20%7C%20AXA%20UK&is_vtc=1&random=3116291941&ipr=y

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request UnauthorisedUser Show response
claims.swiftcover.com/Session/
Redirect Chain

https://claims.swiftcover.com/
https://claims.swiftcover.com/Session/UnauthorisedUser

7 KB
3 KB

136ms
136ms

Document
text/html

85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 806dae8602138cea319038a838e7613178e61cf553e5f6b9a98b95de022a8ab7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Length: 3181

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Session/UnauthorisedUser
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Length: 142

GET
H2 200 icon
fonts.googleapis.com/ 569 B
868 B 185ms
64ms Stylesheet
text/css 2a00:1450:4007:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:807::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d44a3249e2be052d683c7b58d03890937199b056a6313bd7ae0834281a70a2d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:21:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 28 Jan 2022 12:21:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jan 2022 12:21:26 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
635 B 189ms
68ms Stylesheet
text/css 2a00:1450:4007:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:807::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6e6ca8458e665dbb0c6ef4974ee969c1a854bbc5c0f2a66edeebf68b806f3a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 10:24:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 28 Jan 2022 12:21:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jan 2022 12:21:26 GMT

GET
H2 200 247752487.js Show response
cdn.optimizely.com/js/ 328 KB
97 KB 407ms
209ms Script
text/javascript 2a02:26f0:fb:5a3::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/247752487.js

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb:5a3::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d1c349b57155150c485d19becf1014a4819e55f19f477658ea2c0e5278323507

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: XLdziMyIymIeLx4QJFzFjJy7Ktm0D5_S
content-encoding: gzip
etag: "55fae6858101544a32b0bb67970c5352"
x-amz-request-id: B6M9F40FGNBJTKPE
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 9279
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="54";dur=0,cdnip;desc="2a02:26f0:fb:5a3::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 97953
x-amz-id-2: 1T25ZTYazQyXGaTeJt38LYqcS9/UquXCNTM8SfpR9HssoLgmauqdpzq9QTUtsKcBLf0RnkQW5V0=
last-modified: Fri, 28 Jan 2022 09:31:34 GMT
server: AmazonS3
date: Fri, 28 Jan 2022 12:21:27 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H/1.1 200
OK VendorCssBundle
claims.swiftcover.com/ 46 KB
12 KB 125ms
125ms Stylesheet
text/css 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/VendorCssBundle?v=aPvHGdwCLw0AMaxdJY5tuTS5GzSoYVJBVAjBIM5_L7U1
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 407f5113d9e2b4d44e17cefbf45d040bd4b3bc3fd5952a43cffbeaa28ce3cc00

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Jan 2022 12:21:26 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/css; charset=utf-8
Cache-Control: public
Content-Length: 12154
Expires: Sat, 28 Jan 2023 12:21:26 GMT

GET
H/1.1 200
OK main.min.css
claims.swiftcover.com/Content/css/AXA/ 183 KB
38 KB 259ms
133ms Stylesheet
text/css 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: db71b322c72ee238e8f75b7e073de7f8848f696cd639226b4c16ed7ab3647170

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jan 2022 13:38:24 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "d46e8cd3f011d81:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 38657

GET
H/1.1 200
OK jquery Show response
claims.swiftcover.com/bundles/ 1 MB
387 KB 406ms
208ms Script
text/javascript 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/bundles/jquery?v=HolFbc4rrdZf3sCaJd51dTiBdSQlu-cnnsxqUr0baTA1
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a03ed09f342b44819675f6768bb308af53d64056e7869991b1b311ed68148f05

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Jan 2022 12:21:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Transfer-Encoding: chunked
Expires: Sat, 28 Jan 2023 12:21:27 GMT

GET
H/1.1 200
OK modernizr Show response
claims.swiftcover.com/bundles/ 11 KB
5 KB 454ms
256ms Script
text/javascript 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/bundles/modernizr?v=wBEWDufH_8Md-Pbioxomt90vm6tJN2Pyy9u9zHtWsPo1
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0ec4e0295f86b2142b8996e03d4195888843b50d1954d7e248341da032b7ebba

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Jan 2022 12:21:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 5229
Expires: Sat, 28 Jan 2023 12:21:27 GMT

GET
H/1.1 200
OK venders Show response
claims.swiftcover.com/bundles/ 131 KB
52 KB 574ms
377ms Script
text/javascript 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/bundles/venders?v=lRVrqWc1StUIAUHA-bK89TCeuvk-J8-6_sIkHW-DPC01
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c8f09f40b6972cbe239f450cc733fb98bf50decc1dd0360ba4ae9b96578f23c8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Jan 2022 12:21:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 52490
Expires: Sat, 28 Jan 2023 12:21:27 GMT

GET
H/1.1 200
OK enolJsBundle Show response
claims.swiftcover.com/bundles/ 616 KB
179 KB 418ms
221ms Script
text/javascript 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/bundles/enolJsBundle?v=6TLDkz50U6KNJlGAXNbmS61FU6Lg2MtJmJI0hZbP7Dc1
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 53c18dfb42474d8657e2a05131e75304270c7cf43169245ab5fb811b3faf1341

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Jan 2022 12:21:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Transfer-Encoding: chunked
Expires: Sat, 28 Jan 2023 12:21:27 GMT

GET
H/1.1 200
OK logo.svg
claims.swiftcover.com/Content/images/AXA/svg/ 2 KB
3 KB 127ms
127ms Image
image/svg+xml 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claims.swiftcover.com/Content/images/AXA/svg/logo.svg
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4f15551e8df16365a4eba91f078b16e4dc40959a98f6f8e1de8b2ad895ccc705

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:27 GMT
Last-Modified: Tue, 25 Jan 2022 13:38:27 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "cccadd5f011d81:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2362

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 237ms
54ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Jan 2022 12:21:27 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 1584
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: eb144240-101e-0059-283d-146ff6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Fri, 28 Jan 2022 12:51:27 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
85 KB 190ms
63ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TS5W33

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9fd4d1ab270da36d4581fa6f8044cda9dc5e4900cc8c07b54764d18d58317102

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86730
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Jan 2022 12:21:28 GMT

GET
H/1.1 200
OK SourceSansPro-Regular.otf
claims.swiftcover.com/Content/fonts/SourceSansPro/ 250 KB
251 KB 136ms
135ms Font
application/font-otf 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Content/fonts/SourceSansPro/SourceSansPro-Regular.otf
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7fbc6610f9daeb3abe9863316dfd50369d3e173fc7be8baefc334468e8a19888

Request headers

Referer: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Origin: https://claims.swiftcover.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:27 GMT
Last-Modified: Tue, 25 Jan 2022 13:38:25 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "f1da46d4f011d81:0"
Content-Type: application/font-otf
Accept-Ranges: bytes
Content-Length: 256288

GET
H/1.1 200
OK background_error.jpg
claims.swiftcover.com/Content/images/AXA/jpg/ 201 KB
202 KB 137ms
137ms Image
image/jpeg 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claims.swiftcover.com/Content/images/AXA/jpg/background_error.jpg
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f6ca424c9a6ed9fe88510a27d6de9abf03af3e7157246f5a7259873109a4cd56

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/Content/css/AXA/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:27 GMT
Last-Modified: Tue, 25 Jan 2022 13:38:27 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "cccadd5f011d81:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 206309

GET
H/1.1 200
OK publico.eot
claims.swiftcover.com/Content/fonts/Publico/ 206 KB
206 KB 138ms
138ms Font
application/vnd.ms-fontobject 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 739201e205fb348ae399397d341aef7402902fb388084998955a0ad4e69ec677

Request headers

Referer: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Origin: https://claims.swiftcover.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:27 GMT
Last-Modified: Tue, 25 Jan 2022 13:38:25 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "dca53ad4f011d81:0"
Content-Type: application/vnd.ms-fontobject
Accept-Ranges: bytes
Content-Length: 210804

GET
H2 200 a247752487.html Show response
a247752487.cdn.optimizely.com/client_storage/ Frame 6C24 2 KB
1 KB 200ms
54ms Document
text/html 104.89.17.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a247752487.cdn.optimizely.com/client_storage/a247752487.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/247752487.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.89.17.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-17-148.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

56267def56891a5f362d39c74bf78dd1cfe953bc2115f0a6cef8dfacfef7cf02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/

Response headers

x-amz-id-2: +avw1aol8HtR/7zBD2w186dV2MG/2T0k09R4R3YWDzCgwUxWmqmnZLAO0UIwn9j4tt487/FeaQ4=
x-amz-request-id: B5KSXB19T22P1HRZ
x-amz-replication-status: COMPLETED
last-modified: Fri, 28 Jan 2022 11:11:10 GMT
etag: "4c9ffe39f8c35a3355ded731bc5f88d9"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: OF21A2wMfs.2VWMoxtxqgoTR37zSm.bO
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 864
vary: Accept-Encoding
cache-control: max-age=120
date: Fri, 28 Jan 2022 12:21:28 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="54";dur=0,cdnip;desc="104.89.17.148";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H2

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090.1643372490
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090....

42 B
681 B

179ms
62ms

Ping
image/gif

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090.1643372490

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=1458182641.1643372490&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&gtm=2wg1q0TS5W33&auid=1675406090.1643372490
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 36 KB
11 KB 211ms
81ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TS5W33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:28 GMT
content-encoding: gzip
last-modified: Fri, 03 Dec 2021 01:53:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A2C9635AB0A4A4F804743CB3C5C976B Ref B: FRA31EDGE0816 Ref C: 2022-01-28T12:21:28Z
etag: "0cb09ee8e7d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10468

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 241ms
60ms Script
application/x-javascript 2a02:26f0:6c00::210:ba22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TS5W33
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:28 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=80694
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 13529.js Show response
www.dwin1.com/ 30 KB
8 KB 179ms
63ms Script
application/javascript 2600:9000:2315:8200:f:8ce2:fb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dwin1.com/13529.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TS5W33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:8200:f:8ce2:fb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81882d7b4b66f9d7be8b61d5b3807c40f663e765ff9a838177848144434066fb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: P2ixpYfPoWOeE.wxbNxXvw4qgjrGo9pz
content-encoding: gzip
etag: W/"c06b84e58a9d49c2c4f796b953f9c83e"
age: 99
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Tue, 25 Jan 2022 10:06:46 GMT
server: AmazonS3
date: Fri, 28 Jan 2022 12:19:50 GMT
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
cache-control: max-age=600, s-maxage=600
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: sWEwZl2cMffgQKr3szr8DHvcqaW_T-NEo--Wfok0eJPkFG-w64gEqQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 170ms
54ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c55508ea7ce1ad08364772fbfadb835d2b1d1b9238d345c45eee1943ada4ff6f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26237
x-xss-protection: 0
pragma: public
x-fb-debug: fYbVkXrtdeh9wadBPYT/GUzOprub5XqDeISpanSprRuczM+OvTDHK0HvBEF6Y5pm+G8WEGa7+qeeH2NaivoHiA==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 28 Jan 2022 12:21:28 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adalyser.js Show response
c0.adalyser.com/ 35 KB
12 KB 276ms
110ms Script
application/javascript 52.212.141.157
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c0.adalyser.com/adalyser.js?cid=axa
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.141.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-141-157.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: c1b356f3f76ac3ce3f19997f63fa181cb9d05cd531eb1ee612ce69a2a57fa56f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:28 GMT
content-encoding: gzip
x-powered-by: Express
etag: "60b9cf4ef4ac6dab5294025f3c443ba3cca92451"
p3p: CP="ADMa OUR IND DSP NON COR"
access-control-allow-origin: *
cache-control: public, max-age=21600
access-control-allow-credentials: true
content-type: application/javascript
access-control-allow-headers: origin, content-type, accept
content-length: 12183

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
366 B 580ms
137ms XHR
text/plain 52.2.252.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.252.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-252-209.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://claims.swiftcover.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 28 Jan 2022 12:21:28 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://claims.swiftcover.com
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 35cbe6f9-1398-4852-93a9-03b5a583b9dc

GET
H2 200 731504514000972 Show response
connect.facebook.net/signals/config/ 39 KB
11 KB 54ms
54ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/731504514000972?v=2.9.51&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3344bbca88047f05e87a76cccfd0110b5b05079e4e2a3f7e69855da9c4b2406c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 10754
x-xss-protection: 0
pragma: public
x-fb-debug: 2FfYmrLgkS/gNsL0V/gboIL8XfwceTCeHSBe4ghRc20i9iBdv0U+ccLD45lCDFpE6BMue8ax742qm3ab9OMTkQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 28 Jan 2022 12:21:28 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 5321252.js Show response
bat.bing.com/p/action/ 713 B
778 B 400ms
400ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5321252.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e6f6e8576df038b87698f909af8683f70513f75dc009f4a0c554de9ca55ab086

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DED7635F0E5D43EFBE96525AA9AE38E9 Ref B: FRA31EDGE0816 Ref C: 2022-01-28T12:21:28Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 607

GET
H2 204 0
bat.bing.com/action/ 0
152 B 81ms
80ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5321252&tm=gtm002&Ver=2&mid=43fa2f4c-9de7-4452-85cf-9b9895948f7d&sid=d2671d50803411ecad9369bc43f6c3e4&vid=d2674290803411ecb15bd1fcbb4c033a&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Unauthorised%20User%20%7C%20AXA%20UK&p=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&r=&lt=1908&evt=pageLoad&msclkid=N&sv=1&rn=190779
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F597F8E9FD64D0B8450FF5792BCBB3F Ref B: FRA31EDGE0816 Ref C: 2022-01-28T12:21:28Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2764153%26time%3D1643372489851%26url%3Dhttps%253A%252F%252Fclaims.swiftcover.com%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true&e_ipv6=AQJxpBPVt3fptwAAAX6goinxYINPmD...

0
155 B

491ms
216ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true&e_ipv6=AQJxpBPVt3fptwAAAX6goinxYINPmD6g8n5Fbjki50WmTbjQk9RM19L7H0JnmoSx
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:29 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: taBhiJJuzhYw4FIgBCsAAA==

Redirect headers

date: Fri, 28 Jan 2022 12:21:29 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9802A3FD2B074283B07C4AC8E643E9A3 Ref B: FRAEDGE1112 Ref C: 2022-01-28T12:21:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2764153&time=1643372489851&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&liSync=true&e_ipv6=AQJxpBPVt3fptwAAAX6goinxYINPmD6g8n5Fbjki50WmTbjQk9RM19L7H0JnmoSx
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXWo3lzlkz6Cqrk4+jRJw==

GET
H/1.1 200
OK publico.ttf
claims.swiftcover.com/Content/fonts/Publico/ 206 KB
206 KB 135ms
134ms Font
application/font-ttf 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Content/fonts/Publico/publico.ttf
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: baa97cb056524ee6f783090f83aa1f885c94b2b04316c0c79106d39648fa2a24

Request headers

Referer: https://claims.swiftcover.com/Content/css/AXA/main.min.css
Origin: https://claims.swiftcover.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 12:21:27 GMT
Last-Modified: Tue, 25 Jan 2022 13:38:25 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "1dfd3fd4f011d81:0"
Content-Type: application/font-ttf
Accept-Ranges: bytes
Content-Length: 210492

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 172ms
54ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=731504514000972&ev=PageView&dl=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&rl=&if=false&ts=1643372489868&sw=1600&sh=1200&v=2.9.51&r=stable&ec=0&o=28&fbp=fb.1.1643372489867.1565593394&it=1643372489800&coo=false&rqm=GET

Requested by

Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:28 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Fri, 28 Jan 2022 12:21:28 GMT

GET
H2 200 p
c0.adalyser.com/tracking/track/v3/ 43 B
341 B 56ms
56ms Image
image/gif 52.212.141.157
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c0.adalyser.com/tracking/track/v3/p?stm=1643372489899&e=lce1&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&cid=axa&p=%7B%22et%22%3A1643372489896%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%22da33399f-5c7a-49e1-aed8-99c535d1da9a%22%2C%22duid%22%3A%22a31db426-aec9-4585-823c-b231cf4f1115%22%2C%22cw%22%3A1643372489896%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F97.0.4692.71%20Safari%2F537.36&domain=claims.swiftcover.com
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.141.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-141-157.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
x-powered-by: Express
etag: W/"2b-B//0C13UlayirE4cP7xgqg"
p3p: CP="ADMa OUR IND DSP NON COR"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
access-control-allow-headers: origin, content-type, accept
content-length: 43
expires: 0

GET
H2 200 clarity.js Show response
i.clarity.ms/s/0.6.31/ 52 KB
23 KB 424ms
134ms Script
application/javascript 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/s/0.6.31/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5321252.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:28 GMT
content-encoding: br
etag: "1d811e72bf47200"
last-modified: Tue, 25 Jan 2022 12:29:18 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&RedC=c.clarity.ms&MXFR=0936082977486AA52C50191373486483
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&MUID=3FB2DC276BAA68BD3207CD1D6A066954

42 B
441 B

196ms
195ms

Image
image/gif

40.91.78.9
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&MUID=3FB2DC276BAA68BD3207CD1D6A066954
Requested by: Host: claims.swiftcover.com
URL: https://claims.swiftcover.com/Session/UnauthorisedUser
Protocol: H2
Server: 40.91.78.9 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:28 GMT
last-modified: Thu, 13 Jan 2022 19:51:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "3bc6e26b78d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:29 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C95AC47AFCC1471095DB2916D4E5B84B Ref B: FRA31EDGE0816 Ref C: 2022-01-28T12:21:29Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8A04D6BC3DC04050B0C3AF3F398946B8&MUID=3FB2DC276BAA68BD3207CD1D6A066954
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK AbandonSession Show response
claims.swiftcover.com/Session/ 0
205 B 130ms
129ms XHR
text/plain 85.159.155.43
AXA_INSURANCE

General

Check archive.org

Show headers Download Go to

Full URL: https://claims.swiftcover.com/Session/AbandonSession?_=1643372489251
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.155.43 Tonbridge, United Kingdom, ASN34746 (AXA_INSURANCE, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://claims.swiftcover.com/Session/UnauthorisedUser
Request-Id: |vV16d.lFMuH
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

Date: Fri, 28 Jan 2022 12:21:28 GMT
Cache-Control: private
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0

POST
H2 204 collect Show response
i.clarity.ms/ 0
97 B 135ms
134ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://claims.swiftcover.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://claims.swiftcover.com
date: Fri, 28 Jan 2022 12:21:29 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 160 KB
55 KB 138ms
75ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RE55ZQSXB7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TS5W33

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eb6803c8cd67d054751428df50d63313a5de45ecfebeb01395c0aaac5a2ce5aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56639
x-xss-protection: 0
expires: Fri, 28 Jan 2022 12:21:29 GMT

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 406ms
57ms Preflight 52.236.186.218
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.236.186.218 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,sdk-context
Origin: https://claims.swiftcover.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-methods: POST
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin: *
access-control-max-age: 3600
x-content-type-options: nosniff
date: Fri, 28 Jan 2022 12:21:29 GMT
content-length: 0

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
304 B 908ms
907ms XHR
application/json 52.236.186.218
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.236.186.218 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f51f6718c64925153c7db7a22736f6c08fce3299828376f59663e05e8b84b825

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://claims.swiftcover.com/
Accept-Language: en-GB,en;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: A85C1BED-6158-4C00-8A3D-CDAE7D0A1E88
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Fri, 28 Jan 2022 12:21:30 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

GET
H2 200 collect Show response
sgtm.axa.co.uk/g/ 1 KB
805 B 259ms
117ms XHR
text/plain 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.axa.co.uk/g/collect?v=2&tid=G-RE55ZQSXB7&gtm=2oe1q0&_p=1560120598&sr=1600x1200&_gaz=1&gcs=G111&gcd=G100&adr=0&ul=en-us&cid=1409812337.1643372491&_fplc=0&_s=1&dl=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&dr=&dt=Unauthorised%20User%20%7C%20AXA%20UK&sid=1643372491&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=claim&ep.page_product=motor&ep.user_logged_in=true&ep.website=personal%20insurance&ep.op_co=personal%20insurance&ep.channel=DirectBusiness&ep.customer_type=front-office&ep.environment=prod&ep.all_data=true&ep.ip_lookup=staff&ep.page_name=Unauthorised%20User&ep.url_redacted_pii=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ep.user_device=desktop&ep.no_advertising_consent_or_partner=false&ep.page_path=%2FSession%2FUnauthorisedUser&ep.user_id_defined=false&up.staff_customer=staff&richsstsse

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

5682148709531666448c067909e19dc93c9f361e2bf99296f7d5a014b541701c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:21:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://claims.swiftcover.com
cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
351 B 173ms
56ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RE55ZQSXB7&cid=1409812337.1643372491&gtm=2oe1q0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RE55ZQSXB7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://claims.swiftcover.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://claims.swiftcover.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 205ms
79ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RE55ZQSXB7&cid=1409812337.1643372491&gtm=2oe1q0&aip=1&z=86053357

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSes...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FS...
https://ad.doubleclick.net/activity;dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https...
https://adservice.google.com/ddm/fls/z/dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=ht...

42 B
541 B

242ms
90ms

Image
image/gif

2a00:1450:401b:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser

Protocol

Server

2a00:1450:401b:800::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 28 Jan 2022 12:21:31 GMT
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 28 Jan 2022 12:21:30 GMT
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPvEpMy31PUCFRFgxgodOhcFHg;src=8312467;type=axa;cat=visits;ord=1;num=277132861;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSessio...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSess...
https://ad.doubleclick.net/activity;dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A...
https://adservice.google.com/ddm/fls/z/dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https...

42 B
108 B

246ms
90ms

Image
image/gif

2a00:1450:401b:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser

Protocol

Server

2a00:1450:401b:800::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 28 Jan 2022 12:21:31 GMT
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 28 Jan 2022 12:21:30 GMT
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=CJvEpMy31PUCFRfhmgodycMH2g;src=8312467;type=axa;cat=viewpage;ord=1853946859;gtm=3oes1q0;u1=prod;u2=personal%20insurance;u3=Unauthorised%20User;u5=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser;u8=1409812337.1643372491;u12=true;u4=motor;u6=en;u9=desktop;gcs=G111;gcd=G100;auiddc=*;s3p=1;~oref=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.co.uk/pagead/1p-user-list/1059897644/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1059897644/?random=1643372490338&cv=10&fst=1643372490338&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fcla...
https://www.google.com/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FS...
https://www.google.co.uk/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2...

42 B
64 B

130ms
66ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ref=&tiba=Unauthorised%20User%20%7C%20AXA%20UK&is_vtc=1&random=3116291941&ipr=y

Protocol

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://claims.swiftcover.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 12:21:30 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.co.uk/pagead/1p-user-list/1059897644/?random=1643372490338&cv=10&fst=1643371200000&fmt=3&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=3oes1q0&url=https%3A%2F%2Fclaims.swiftcover.com%2FSession%2FUnauthorisedUser&ref=&tiba=Unauthorised%20User%20%7C%20AXA%20UK&is_vtc=1&random=3116291941&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Axa (Insurance)

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
claims.swiftcover.com/	1969-12-31 23:59:59	Name: f5avraaaaaaaaaaaaaaaa_session_ Value: NIHILBHPJFJJFKCBFBOHDFGCIEPOAABJABHJMFIFCJIALGNHPLAEIHLGENOKCLEEDPGDGPNPJPLIBKIADALAJKMBHNPJCPHKLCLIHDNKMFKIMHNKMJAFAMLEJKOMFDGO
.swiftcover.com/	1970-01-20 04:48:44	Name: optimizelyEndUserId Value: oeu1643372488706r0.9345203264270312
claims.swiftcover.com/	1970-01-20 09:15:08	Name: ai_user Value: TjTJy\|2022-01-28T12:21:29.414Z
claims.swiftcover.com/	1969-12-31 23:59:59	Name: _gtm_userSampleGroup Value: 0.15
claims.swiftcover.com/	1969-12-31 23:59:59	Name: cookieConsent Value: all
.swiftcover.com/	1970-01-20 02:39:08	Name: _gcl_au Value: 1.1.1675406090.1643372490
.bing.com/	1970-01-20 09:51:08	Name: MUID Value: 3FB2DC276BAA68BD3207CD1D6A066954
.swiftcover.com/	1970-01-20 00:30:58	Name: _uetsid Value: d2671d50803411ecad9369bc43f6c3e4
.swiftcover.com/	1970-01-20 09:51:08	Name: _uetvid Value: d2674290803411ecb15bd1fcbb4c033a
.swiftcover.com/	1970-01-20 02:39:08	Name: _fbp Value: fb.1.1643372489867.1565593394
.swiftcover.com/	1970-01-20 00:29:34	Name: __adal_ses Value: *
.swiftcover.com/	1970-01-20 18:00:44	Name: __adal_id Value: a31db426-aec9-4585-823c-b231cf4f1115.1643372490.1.1643372490.1643372490.da33399f-5c7a-49e1-aed8-99c535d1da9a
.swiftcover.com/	1970-01-20 04:48:44	Name: __adal_ca Value: so%3Ddirect%26me%3Dnone%26ca%3Ddirect%26co%3D%28not%2520set%29%26ke%3D%28not%2520set%29
.swiftcover.com/	1970-01-20 00:39:37	Name: __adal_cw Value: 1643372489896
.linkedin.com/	1970-01-20 01:12:44	Name: UserMatchHistory Value: AQJ_xcPzDr9-QgAAAX6goigPP1jeE1PlY-mCLfPPv_qUvA3G2Ol9kk4A1FzXCz_YPTTFIVW4sgjgRw
.linkedin.com/	1970-01-20 01:12:44	Name: AnalyticsSyncHistory Value: AQIe_zDs9bk46QAAAX6goigPRO6GDe4AZaZXsIduRQ2CV-IoTjx2XHOiuuSm9GEEebWAlTaKPFZfRIyDyveucg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:01:26	Name: bcookie Value: "v=2&9107b818-99c1-4f56-80c3-b04dbe230a99"
.linkedin.com/	1970-01-20 00:30:58	Name: lidc Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2421:u=1:x=1:i=1643372488:t=1643458888:v=2:sig=AQElpjkco2b1KB_cgy9u8k46liZp8E4A"
claims.swiftcover.com/	1970-01-20 00:29:34	Name: ai_session Value: yh6tb\|1643372490307.5\|1643372490307.5
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 18:01:26	Name: bscookie Value: "v=1&20220128122128829c32c9-11a0-4f22-8429-564452d35b97AQH_b2aREd99S_cV5_jdWK4Sf3jIpwPX"
.linkedin.com/	1970-01-20 17:55:32	Name: li_gc Value: MTswOzE2NDMzNzI0ODg7MjswMjEC6zPBbZuFq9wa5eC7qaki5F3bve7d0Obodu6uARpl9g==
.swiftcover.com/	1970-01-20 09:15:08	Name: _clck Value: c5wvs7\|1\|eyi\|0
.c.bing.com/	1970-01-20 09:51:08	Name: SRM_B Value: 3FB2DC276BAA68BD3207CD1D6A066954
.swiftcover.com/	1970-01-20 00:30:58	Name: _clsk Value: 1bggwbm\|1643372491035\|1\|1\|i.clarity.ms/collect
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 09:51:08	Name: MUID Value: 3FB2DC276BAA68BD3207CD1D6A066954
.c.clarity.ms/	1970-01-20 00:39:37	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 00:29:33	Name: ANONCHK Value: 0
.swiftcover.com/	1970-01-20 18:00:44	Name: _ga_RE55ZQSXB7 Value: GS1.1.1643372491.1.0.1643372491.60
.swiftcover.com/	1970-01-20 18:00:44	Name: _ga Value: GA1.1.1409812337.1643372491
.doubleclick.net/	1970-01-20 09:51:08	Name: IDE Value: AHWqTUkgy0Zf1q2s65utxSyombp0KcYTNwXv98_Y2pHI6goZCrVvTPFn7LQTxYRT

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: Failed to decode downloaded font: https://claims.swiftcover.com/Content/fonts/Publico/publico.eot?
other	warning	URL: https://claims.swiftcover.com/Session/UnauthorisedUser Message: OTS parsing error: invalid sfntVersion: 1949762304

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a247752487.cdn.optimizely.com
ad.doubleclick.net
adservice.google.com
az416426.vo.msecnd.net
bat.bing.com
c.bing.com
c.clarity.ms
c0.adalyser.com
cdn.optimizely.com
claims.swiftcover.com
connect.facebook.net
dc.services.visualstudio.com
fonts.googleapis.com
googleads.g.doubleclick.net
i.clarity.ms
logx.optimizely.com
px.ads.linkedin.com
px4.ads.linkedin.com
sgtm.axa.co.uk
snap.licdn.com
stats.g.doubleclick.net
www.dwin1.com
www.facebook.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.linkedin.com
104.89.17.148
108.174.10.14
2001:4860:4802:36::15
216.58.215.102
2600:9000:2315:8200:f:8ce2:fb80:93a1
2606:2800:233:1cb7:261b:1f9c:2074:3c
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2003
2a00:1450:4001:802::2008
2a00:1450:4001:810::2002
2a00:1450:4007:807::200a
2a00:1450:4007:815::2004
2a00:1450:400c:c0c::9a
2a00:1450:401b:800::2002
2a02:26f0:6c00::210:ba22
2a02:26f0:fb:5a3::13b8
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
40.91.78.9
52.167.85.21
52.2.252.209
52.212.141.157
52.236.186.218
85.159.155.43
0ec4e0295f86b2142b8996e03d4195888843b50d1954d7e248341da032b7ebba
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
3344bbca88047f05e87a76cccfd0110b5b05079e4e2a3f7e69855da9c4b2406c
407f5113d9e2b4d44e17cefbf45d040bd4b3bc3fd5952a43cffbeaa28ce3cc00
4f15551e8df16365a4eba91f078b16e4dc40959a98f6f8e1de8b2ad895ccc705
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
53c18dfb42474d8657e2a05131e75304270c7cf43169245ab5fb811b3faf1341
56267def56891a5f362d39c74bf78dd1cfe953bc2115f0a6cef8dfacfef7cf02
5682148709531666448c067909e19dc93c9f361e2bf99296f7d5a014b541701c
6e6ca8458e665dbb0c6ef4974ee969c1a854bbc5c0f2a66edeebf68b806f3a0e
739201e205fb348ae399397d341aef7402902fb388084998955a0ad4e69ec677
7fbc6610f9daeb3abe9863316dfd50369d3e173fc7be8baefc334468e8a19888
806dae8602138cea319038a838e7613178e61cf553e5f6b9a98b95de022a8ab7
81882d7b4b66f9d7be8b61d5b3807c40f663e765ff9a838177848144434066fb
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9fd4d1ab270da36d4581fa6f8044cda9dc5e4900cc8c07b54764d18d58317102
a03ed09f342b44819675f6768bb308af53d64056e7869991b1b311ed68148f05
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad
baa97cb056524ee6f783090f83aa1f885c94b2b04316c0c79106d39648fa2a24
c1b356f3f76ac3ce3f19997f63fa181cb9d05cd531eb1ee612ce69a2a57fa56f
c55508ea7ce1ad08364772fbfadb835d2b1d1b9238d345c45eee1943ada4ff6f
c8f09f40b6972cbe239f450cc733fb98bf50decc1dd0360ba4ae9b96578f23c8
d1c349b57155150c485d19becf1014a4819e55f19f477658ea2c0e5278323507
d44a3249e2be052d683c7b58d03890937199b056a6313bd7ae0834281a70a2d6
db71b322c72ee238e8f75b7e073de7f8848f696cd639226b4c16ed7ab3647170
dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6f6e8576df038b87698f909af8683f70513f75dc009f4a0c554de9ca55ab086
eb6803c8cd67d054751428df50d63313a5de45ecfebeb01395c0aaac5a2ce5aa
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f51f6718c64925153c7db7a22736f6c08fce3299828376f59663e05e8b84b825
f6ca424c9a6ed9fe88510a27d6de9abf03af3e7157246f5a7259873109a4cd56
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

claims.swiftcover.com Open in urlscan Pro 85.159.155.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

44 Requests

86 %HTTPS

64 %IPv6

18 Domains

27 Subdomains

22 IPs

6 Countries

1906 kBTransfer

4318 kBSize

33 Cookies

5 Outgoing links

Page URL History

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

claims.swiftcover.com Open in urlscan Pro
85.159.155.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

86 %
HTTPS

64 %
IPv6

18
Domains

27
Subdomains

22
IPs

6
Countries

1906 kB
Transfer

4318 kB
Size

33
Cookies

44 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!