Report - nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201

Report Overview

Visited public
2023-11-15 07:46:28
Tags
URL
nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Finishing URL
nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
IP / ASN
172.67.150.79
#13335 CLOUDFLARENET
Title
Pokémon Scarlet Switch NSP XCI | nsw2u.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pixel.wp.com	2545	1997-03-28	2017-01-30 06:31:40	2023-11-15 05:09:42	1.2 kB	480 B	192.0.76.3
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-11-15 08:05:39	1.4 kB	110 kB	104.17.2.184
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-15 05:09:04	453 B	738 B	139.45.195.8
assets.nintendo.com	75920	1995-01-10	2020-02-19 12:11:58	2023-11-08 20:20:43	2.8 kB	189 kB	104.110.18.102
stats.wp.com	2711	1997-03-28	2017-01-30 06:06:59	2023-11-15 05:09:42	792 B	34 kB	192.0.76.3
c0.wp.com	6988	1997-03-28	2018-09-24 17:59:05	2023-11-15 05:09:42	5.3 kB	307 kB	192.0.77.37
tenderlywomblink.com	unknown	2023-11-03	2023-11-03 12:33:27	2023-11-13 22:54:19	3.1 kB	33 kB	192.243.61.227
publisherride.com	unknown	2023-10-09	2023-10-24 10:04:21	2023-11-15 07:27:15	479 B	467 B	192.243.59.20
secure.gravatar.com	1671	2004-07-15	2012-05-22 07:36:38	2023-11-15 05:16:37	471 B	2.8 kB	192.0.73.2
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-11-15 05:14:16	443 B	25 kB	45.133.44.10
mgnetu.com	93129	2019-07-12	2019-07-13 13:27:43	2023-11-08 09:19:04	405 B	2.9 kB	188.114.96.1
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-11-15 05:31:50	426 B	418 B	52.59.122.145
nsw2u.com	unknown	2020-12-05	2020-12-20 03:30:48	2023-11-09 15:28:15	20 kB	726 kB	104.21.88.34
i0.wp.com	3021	1997-03-28	2013-09-17 08:14:42	2023-11-15 07:11:48	13 kB	458 kB	192.0.77.2
www.google-analytics.com	40	2005-07-18	2012-10-03 03:04:21	2023-11-14 03:52:44	408 B	22 kB	108.177.14.100
nukeluck.net	unknown	2023-10-08	2023-10-09 03:41:56	2023-11-14 12:12:41	2.0 kB	89 kB	139.45.197.243
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2023-11-15 08:30:58	449 B	154 kB	142.250.74.2
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-11-15 05:09:10	1.4 kB	8.0 kB	104.17.24.14
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-15 03:50:12	1.3 kB	350 kB	142.250.74.168
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-15 03:06:09	459 B	14 kB	142.250.74.106
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-11-15 00:46:18	409 B	839 B	172.67.219.12
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-11-15 05:14:16	397 B	86 kB	104.21.234.32
definedbootnervous.com	unknown	2023-05-22	2023-05-22 04:09:17	2023-11-09 01:25:05	437 B	30 kB	173.233.137.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-15	medium	tenderlywomblink.com	Sinkholed
2023-11-15	medium	tenderlywomblink.com	Sinkholed
2023-11-15	medium	publisherride.com	Sinkholed
2023-11-14	medium	nukeluck.net	Sinkholed
2023-11-14	medium	nukeluck.net	Sinkholed
2023-11-15	medium	tenderlywomblink.com	Sinkholed
2023-11-14	medium	nukeluck.net	Sinkholed
2023-11-15	medium	definedbootnervous.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (77)

	URL	From	Size	First Seen	Last Seen
	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js	ScriptElement	6.2 kB	2023-03-09	2024-10-18
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:16 Last Seen2024-10-18 06:17 Times Seen18 Hash df624c8da81dfe8e2f2f558d9139d1d0 90c0e4b670c1a0ee9b772255ac970a43c30df77e d70382f3bf05e5893b55e8cd88979ca435c34e1fcadf16a14cf0c2fd56e35791 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f	ScriptElement	77 kB	2023-10-28	2024-08-20
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 03:29 Last Seen2024-08-20 22:07 Times Seen11 Hash bb2bcd8e8e67be4e7407da63a5d1fcd9 932cfee6f2c001ae53f7a7de218c83e5d4079bf8 fef6a375b1c9c9d2ad495d873e86826359854782397fa62ef0dc747f51d95ea8 Loading...

	nsw2u.com/sandbox%20eval%20code		147 B	2023-04-11	2025-05-10
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-10 11:22 Times Seen341638 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	ScriptElement	187 B	2023-10-15	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2024-08-21 04:41 Times Seen10 Hash 91f51021b7facfc276086d27fa65c473 26171fc83df06a093b5760bb0ea2b78f9aacefee e67e7ca5672b9d50d3020a0ea25054f83a552dc00c9377e164bcc9bf34463fdf Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/comment-reply.min.js	ScriptElement	3.0 kB	2023-03-07	2025-05-10
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/comment-reply.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 09:47 Times Seen18273 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash 48532b22ab4a1700e0a6245066f6f70b 4add6e432a246249a79ddf2a7c6128c3693085c8 59ed78860366fe9fceee5c99af8e66bdf4f64546bf321854d8d485f8ce645cb1 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js	ScriptElement	930 B	2023-03-07	2024-10-18
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07 Last Seen2024-10-18 06:17 Times Seen115 Hash e42b7d4389637cf0a16424743f8f8da6 63e302a5ee4653a2cae19f3ba27ec6e9d218912a 73e19401707d030422213eacea81ed13ef140752da1382a534e2e52385425e02 Loading...

	unknown	ScriptElement	56 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash e104964086df155485c5e9281811859b d12ccf0072ce82b8995f5592e00f0a7c82810ea4 bb1e3b3fd46ddb2a4ab92f3e69c5bfdf47a9580cf7e0989ba69636d4d27962df Loading...

	unknown	ScriptElement	59 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash 742e1fd56d660db6fba637d32f731aa1 ddca0c50b2049532de7f1763251c8bd33120d9a0 2ab5bc57a3f2870fed895da88166c1de964a020656710ba85deb06f006f773f0 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js	ScriptElement	6.0 kB	2023-03-07	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02 Last Seen2024-08-21 08:54 Times Seen49 Hash 9fb1dba6cc608c4310104f103db8b0e4 96f8726ec376189982a98185f38f48f480b2c8e3 236fb88931feead5473c70f542473d5dc064578ffb45ea743414720e2aea3929 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1	ScriptElement	7.9 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-09 22:41 Times Seen5254 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

	definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js	ScriptElement	30 kB	2023-11-15	2023-11-15
Pretty URL definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 08:46 Last Seen2023-11-15 08:46 Times Seen1 Hash d8226b47aeba60d17416f4b170df0486 942e11fc46b370d0ce1bb677ec9bef4ade45b715 6cb7da6837b238677eb7442c70d2ffc1fdf0cdf25d5f24e6154bf797156f2dd5 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.32	ScriptElement	21 B	2023-08-13	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.32 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23 Last Seen2024-08-21 08:54 Times Seen24 Hash 169a5dd1261e0d434162d1af68acbbcd c18d59ed069049b012a61a8e6b958bfb25bc1b71 82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38 Loading...

	unknown	ScriptElement	145 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen22 Hash a23ba5b3c2d71c61ef5b40a4b5d84a17 8732a5e5f3d3bd88ddedb1cd24c2d17363e019d0 c2ec440a15201b83bbb8914f9e52de7f4455e44a992f6ab761b5bd62f3a1045b Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/url.min.js	ScriptElement	9.6 kB	2023-11-03	2025-04-29
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/url.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-04-29 19:24 Times Seen919 Hash 503d31a536c7c0d38bed038d767bbee7 16c0ac67cf10dc7ab43f90f58b7880f161cae3b9 65f976cffe2202ce71f130a2a4496ca28762a5323229d71ae014d1205c4ffdad Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=c4973b0b0a57b1114aa1	ScriptElement	7.6 kB	2023-11-02	2024-08-20
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=c4973b0b0a57b1114aa1 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 00:24 Last Seen2024-08-20 21:26 Times Seen22 Hash 6fae6f2a9476c3b2addf82a753cac0a8 2f4b62230bba341dc0230cb82dfdf0487d70e72e 325fb795937a9db601996005e162fca12089e234bec9574c8b1581437a5b5321 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js	ScriptElement	124 kB	2023-03-07	2025-05-06
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57 Last Seen2025-05-06 00:28 Times Seen69 Hash 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js	ScriptElement	8.2 kB	2023-03-13	2025-05-10
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:32 Last Seen2025-05-10 11:08 Times Seen29746 Hash dda652db133fddb9b80a05c6d1b5c540 60c8514c57a5db2980c4b046b0dd479bd427357b c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4 Loading...

	unknown	ScriptElement	531 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 07:44 Times Seen23 Hash 40821d4e91d3a31a9389e35229622915 f8ba7dd9ac6fb3e00dcb67c271e21618199a1d67 726951036f66a7e3da01b64e1bdfc15d9fcb04cc3428a4f62117eb72c4eb49f9 Loading...

	unknown	ScriptElement	244 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash d446dc5c4035b59d9d14219d2404713e c9d72314de66318b3043f67c1d8fdb21ea17530f a5a7f303b28884a5c877d0e52280b277ae4e1631dfbe218e322cc697bee66ea1 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.32	ScriptElement	110 B	2023-03-08	2024-10-12
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.32 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-12 13:50 Times Seen32 Hash b7d8aab20ec0137a23e4ff03411bd06c bd7e901bbf5968d13abb3dee762244715541bdfe 651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.32	ScriptElement	23 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.32 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-05-10
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 142.250.74.2 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-10 09:06 Times Seen24184 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1	ScriptElement	1.9 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32 Last Seen2025-05-10 05:01 Times Seen988 Hash f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421 Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/i18n.min.js	ScriptElement	9.4 kB	2023-08-08	2025-05-09
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/i18n.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-05-09 13:52 Times Seen13725 Hash c2c4e2a562e06e1cb22293a5b920aca6 a7b5a369ac4883f1ee7fa701b238d20238b675ca 698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f Loading...

	stats.wp.com/e-202346.js	ScriptElement	6.9 kB	2023-07-02	2025-03-25
Pretty URL stats.wp.com/e-202346.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-02 20:30 Last Seen2025-03-25 21:47 Times Seen6898 Hash 2567b82fc5b4900c78be291e6a957e99 114ec9e929313111ec06f33e342205c52cce5b11 ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258 Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/hooks.min.js	ScriptElement	4.6 kB	2023-08-08	2025-05-09
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/hooks.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-05-09 13:52 Times Seen14833 Hash 7bd48eb3bd568033e96caf0fb62e6690 b38066999294b99d92d95db5f38bc15707eb1f22 7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596 Loading...

	unknown	ScriptElement	458 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash f1fe03d924d32740cbc3a6283b256f57 a17431da1935793dfa2a04b757d55e27d8a5e99e 029f5872babe6942009225680b7c4d0265aa08e3097607db34dab1b701c088fc Loading...

	unknown	ScriptElement	53 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash d3ead7e34b8fbb76cb63a9a39943859e 63fd3f10bd402ea5cc976e7bb1a45094edc3c9b7 9e66e7b215400aaa09d635b39effef5986bfb2e86a789c6fd4b8b36ffa52ba09 Loading...

	unknown	ScriptElement	70 B	2023-03-08	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05 Last Seen2024-08-21 08:58 Times Seen63 Hash dab1184244d47ac25667c940eff90dfc 6cd473b92e1956bd305f0056a46f18b6a4dfd80f 071ab71aea40b26ed6bb74deeb4fb203bd381f3e418588089f4a46d36b3daa07 Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill.min.js	ScriptElement	115 kB	2023-11-03	2025-05-09
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-05-09 13:52 Times Seen9663 Hash 9a98016751e498c06d434cc022ca1a44 6aa9af5fe436eab9c313de9f0bea072c04637624 da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1	ScriptElement	3.1 kB	2023-03-07	2025-05-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06 Last Seen2025-05-04 15:48 Times Seen326 Hash 94279a9a0c4060a96efcf1da47716f86 ea88b3fd8b01a8b86edfd0f4120cc9a834893018 d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js	ScriptElement	14 kB	2023-05-09	2025-05-10
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-05-10 11:24 Times Seen105817 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	unknown	ScriptElement	94 B	2023-11-08	2025-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 00:42 Last Seen2025-05-10 11:02 Times Seen17189 Hash 02d7d8402b7ddb8e6fe47f2a35071e8d 174b5a8fe0ecdfa989fbf40f3ecd51f1d0117693 8a96c1a0a8b1c2a8eab8adfa21634b7f2c4226f6bc5322df1ab7efc4f1f1af7f Loading...

	unknown	ScriptElement	1.7 kB	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 05:56 Times Seen7 Hash 2fa2dec3b7dc63f6f484bc05c732b177 33fc22ce4ba19926b4317c9d27d02b5aa3be6d07 df44dc601860072657c4ba165bee686d1d1886431754f2263bbea5199e4fed6d Loading...

	unknown	ScriptElement	81 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash f0d8a1914c4b1c4cdbe39db0f5dc650d 6b23d2a37c1e623cb4c5b5b879406788b2ccd700 dee3ac9a9e061f7259a9dc467752b983fa8ece29975c305230abde04e97fcf80 Loading...

	nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843	ScriptElement	5.9 kB	2023-03-08	2025-03-20
Pretty URL nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2025-03-20 00:29 Times Seen226 Hash d57460dd744d9e57563a68f93929a0fc 46ad29c9cee8308574dc5316a66de65e912e6d45 a88ba0b09a4416c080044dc095eabf66ca59e4d12a1d6201457b693687be85d3 Loading...

	unknown	ScriptElement	3.3 kB	2023-11-09	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 15:35 Last Seen2024-08-20 20:16 Times Seen4 Hash c8ac9a305eb8b9dcf0cb1ba49a370eff aa18f84f72a9ded7bd40996703feca9fa2ae119a ad4bb80b2c46e4c9a09933e4d5ed06817a8940126fc56310e56fdf73623eee2b Loading...

	nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206	ScriptElement	1.4 kB	2023-03-08	2024-10-18
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:36 Last Seen2024-10-18 06:17 Times Seen21 Hash 754b8917481d9f5d06105927e924188d 2c679567467fadacb0ef24cfe0160563b79c7232 975fcd769077c94bff0b689fbe3ad59e461ea7c948870bd979d21ad4716ecee9 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.32	ScriptElement	22 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.32 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40 Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery.min.js	ScriptElement	88 kB	2023-11-03	2025-05-10
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-05-10 11:24 Times Seen92067 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188	ScriptElement	701 B	2023-05-10	2025-05-06
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 12:45 Last Seen2025-05-06 09:54 Times Seen3090 Hash 328b8123661abdd5f4a0c695e7aa9dcc 4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0 27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2 Loading...

	nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-05-10
Pretty URL nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 10:38 Times Seen31255 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	stats.wp.com/w.js?ver=202346	ScriptElement	11 kB	2023-11-01	2024-09-19
Pretty URL stats.wp.com/w.js?ver=202346 IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 16:09 Last Seen2024-09-19 21:06 Times Seen961 Hash 1ac0848d5bceb8555feaf98f8fb860cb 117dcc305a16fbf0f0ef2d173c3c52adfa816047 585d4af3a08847a4604f8796b4841ebf7eaec7211606cc954f88dc9f27c72b28 Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-05-10
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.67.219.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-10 11:28 Times Seen4643311 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nsw2u.com/sandbox%20eval%20code		128 B	2023-05-06	2025-05-10
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-10 09:06 Times Seen24393 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-10
Pretty URL www.google-analytics.com/analytics.js IP 108.177.14.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-10 11:22 Times Seen340837 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4	ScriptElement	4.6 kB	2023-10-29	2025-05-07
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 19:39 Last Seen2025-05-07 18:17 Times Seen752 Hash ce428a87a021e7b3f2eaf54cf42acdd8 61b07035596e0737e5bf55fb13be37b29124511a 66d0c8cbacc09ad8746e64ad28d887186d1f060f04c388c2f1102ee346120a8c Loading...

	unknown	ScriptElement	116 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash 4733472fadbcf993b031e917e8c1a8bb 25a0a1bbaaefc39004ab2d28cfa0291c2920c8d3 2d901063b6ea17df1dac8e5cdcdecd6359fe0c8613a456bfc1f3b15b03dd5143 Loading...

	nukeluck.net/tag.min.js	ScriptElement	81 kB	2023-11-13	2023-11-16
Pretty URL nukeluck.net/tag.min.js IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 12:27 Last Seen2023-11-16 02:43 Times Seen76 Hash 5abde0fc3b9699dc0a48fcdcf03f2880 03cfe23ab6807bb8bfc6e0fa14ef8107154febbb c4e8315404a215de9334442d12b72ebe5d3efaa06a50178db327c1493fdae168 Loading...

	unknown	ScriptElement	87 B	2023-03-07	2025-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-10 09:47 Times Seen6994 Hash bd5f648f4fa75f28b17faffe66049687 c9c2791b295684a919a2bfd7b7e2ef5aab3c178a 1a4ba4a340b3f30596d32c1b272ddcfdbf3ccb8e89c2fa917ea60469017aeee4 Loading...

	unknown	ScriptElement	79 B	2023-03-07	2025-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-07 12:03 Times Seen635 Hash ab1b0ef42311479d7559bffd29ef8d7d ba1509057a5f82563a2b55a7379f4825fe35bcab 37bf8b4db5288941c20c28fd7c0b201d2270201a94739d64462744ffe6b52f79 Loading...

	mgnetu.com/js/full-page-script.js	ScriptElement	2.2 kB	2023-03-07	2024-08-21
Pretty URL mgnetu.com/js/full-page-script.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:09 Last Seen2024-08-21 05:56 Times Seen7 Hash 0b5575b464c59ab1643828748319eaf6 b8e9a1900f5b8f7ba29f2ce8cc416d50aeb9e5a7 c947c088e417f2ff882c9867391df61aa1318929ce277b1c797ae823449c9c0c Loading...

	unknown	ScriptElement	208 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash 8c3189e63d9485f9e8f66df9d65defc6 d795ae922f45be0d998f8e2e26ffb963f6c69dc0 a1794b83ff6463c07a901eae239c878ebe82c4297c7206ce6b8f24f8a0ea1b87 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js	ScriptElement	2.7 kB	2023-03-12	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen12 Hash f6beb15263699798df9d963e810ec07f 4e4330a8dd07ce0befcba508cba8c823570f7f85 7b1fade0d2e80ea55a4fb4dadb84e9a2bf517beef0c14f0906d78523b446934c Loading...

	unknown	ScriptElement	2.9 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash b51fad6c19010731d3e71251d832b2f5 8d178ff737a513af5dbc84ec1f1341963479bfd1 7ce32e3d95fdc01fa94e0a38983fcb88e8aa86d2a41fe987ed35ae8c088b9a93 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 104.21.234.32 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js	ScriptElement	6.6 kB	2023-11-03	2025-05-09
Pretty URL c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-05-09 21:51 Times Seen16991 Hash fd7ef2e4737acd74fd0dcdc3b515e304 0d792b33f12a48ee8aaaf2560a63a5682470645b 1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c Loading...

	tenderlywomblink.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js	ScriptElement	59 kB	2023-11-15	2023-11-15
Pretty URL tenderlywomblink.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 08:46 Last Seen2023-11-15 08:46 Times Seen1 Hash defc5028c572779e4177e20d9b82c29f ac1c3730c78c30a6e00de142362dc47af1b566e2 70922485bbd859ae63b9d32411c6f3680e79bb48cb142637c42db0283aa19d1f Loading...

	unknown	EventHandler	90 B	2023-05-25	2025-05-04
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-25 07:37 Last Seen2025-05-04 05:46 Times Seen49 Hash 08fde8ea209fc5fc4fdb2a9c614edaf8 7b54ed7f80a3c3187c406e0c3d9ad247516a05fa ec939e7c2a87ddbb495dbe67a38c2291826a37c7c00e03f22ba7fb05d290349a Loading...

	unknown	ScriptElement	327 B	2023-06-05	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48 Last Seen2024-08-21 08:54 Times Seen22 Hash 0a55a8928cbca5bfac5a66c1723452e6 9f786632275f60fbb585193fa762b0dc5e711a51 7528db72a98a32805f731cc62e8a47bf9218f6e7d02183d9c77e73868e8884a0 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2	ScriptElement	78 kB	2023-11-09	2024-08-20
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 15:35 Last Seen2024-08-20 20:16 Times Seen5 Hash 767bcbb7c1166dc304f49839236e9250 105cb1c55af1a7b5860e3b4417369aa317f21b54 18e5e03b12675864609989dc424872060b21a5bf79ba4ef5de9e12ae28815c52 Loading...

	unknown	ScriptElement	318 B	2023-11-09	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 15:35 Last Seen2024-08-20 20:16 Times Seen4 Hash 6abee78901118588ba5d0552fdd1ce37 60c54633a6f948eacf17e0da84192293d8e2ade3 081a9ef41a55fa23c31afb1c2a5f9df91558bb2e169ea758a47732a2d9f39ae9 Loading...

	www.googletagmanager.com/gtag/js?id=UA-262573192-2	ScriptElement	190 kB	2023-11-15	2023-11-15
Pretty URL www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 08:46 Last Seen2023-11-15 08:46 Times Seen1 Hash ea0b63a7d7dae6b7ba81a70918aa25f3 c1f36a565695d2e4484a3edac9fbd7d0f60e67dd 0e2e3083affbb1d7d5185ca8b76d8fe3c374c90e9d00ce746f6b3338bd23e256 Loading...

	www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c	ScriptElement	229 kB	2023-11-15	2023-11-15
Pretty URL www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 08:46 Last Seen2023-11-15 08:46 Times Seen1 Hash cd7cc9dd55ebbf7b971c6f26f8a4ab9d 505f6e172efcf9634d72c8c27d10b23baa16d15d 4dfa3d1b4278718b5cef22e06bf439ce74307a7925b0edfb72157d5f1e224873 Loading...

	www.googletagmanager.com/gtag/js?id=GT-WBTNX6Q&l=dataLayer&cx=c	ScriptElement	214 kB	2023-11-15	2023-11-15
Pretty URL www.googletagmanager.com/gtag/js?id=GT-WBTNX6Q&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 08:46 Last Seen2023-11-15 08:46 Times Seen1 Hash d148e48fad60e4b6470f4e9182d7c9f9 9c1fe141a3d1d69bb2e9b6146786075476638a05 baa2d65d04f4b7fde136e63078e2f4145faf9b9556a72374cd5b1642c878c69a Loading...

	nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115	ScriptElement	588 B	2023-03-08	2025-01-24
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:38 Last Seen2025-01-24 22:34 Times Seen69 Hash 19133a01c05f0c08dba58762e981932e b44e5153c6cb4e9e83a2559a5d6cf6c7327b5017 b2ff39ccfc80daf66110e4b104956bc70911dec5c51764de1c19422439a34ba5 Loading...

	unknown	ScriptElement	134 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash ead9f345669a8a468306eb45f124ab69 6bbc2112ac25ca7193ffdfabe47e1d2620da96e2 80217ca229140219141c34a38ab66fffe922c1593238f33290bed208b8c1cdbb Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1	ScriptElement	5.3 kB	2023-03-12	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen29 Hash 005842a52d3a52acfb2023564a25dd05 e1b64022ea15ca6d596e40c3ab04c0e83cf161d5 67c17a1fb58ba2d741009974197106d04f566ff647857d4f638bd82ec7b23079 Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1	ScriptElement	2.6 kB	2023-03-25	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 22:50 Last Seen2024-08-21 08:54 Times Seen24 Hash 9c68274c21052262d9bef2672b251874 4919f3fbccaea37c7b1e1b7527d4208c3106b2dc 895b02a349918bd518d94bd7bd9dda9e8bfa45dea210148bd880c4f55b70d72b Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.4	ScriptElement	68 kB	2023-03-13	2025-05-05
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.4 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:31 Last Seen2025-05-05 15:56 Times Seen197 Hash 51480f0afb0a30743ae59a3455633c75 2b46f094cb87015fa342da2bf1767413ec5c92b5 108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d Loading...

		Size	First Seen	Last Seen
	#1 Eval - c76baa01dd70215163561b37aea7db87	144 B	2023-11-07 13:07	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:07 Last Seen2024-08-20 20:33 Times Seen12294 Hash c76baa01dd70215163561b37aea7db87 c7856fc643ce923384266b97c10b9ab4e2de3c6e d1bd71111a73f2d379ffde1e50d8c0dc04e089c4205986003b4351942caee84a Loading...

	#2 Eval - 2962c3ebc722d70e8a9eb9d427a48cc3	2.1 kB	2024-08-20 19:31	2024-08-20 19:31
Pretty Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash 2962c3ebc722d70e8a9eb9d427a48cc3 2753871158cdaa4babe8038fc6846a9d6d5084df 336491d318438d3b4a04444c2b9de6057bf0e30e470360f06291d90c3fa692f7 Loading...

	#3 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-10 11:27
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-10 11:27 Times Seen368887 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#4 Eval - 4aa3ae10bc4074d7dbb42ad811fcacf1	1.0 kB	2024-08-20 19:30	2024-08-20 19:31
Pretty Observations First Seen2024-08-20 19:30 Last Seen2024-08-20 19:31 Times Seen3 Hash 4aa3ae10bc4074d7dbb42ad811fcacf1 f31aeca7dec9f573e649fa6ea6f3e0c43296d501 cecdf76fb65bfde010f9e01bb79aa4d823e10384e6d23a243d35ea73ecab52cd Loading...

	#5 Eval - 5b2d8c3cdadd2aaa68382f520f9b4001	6.3 kB	2024-08-20 19:31	2024-08-20 19:31
Pretty Observations First Seen2024-08-20 19:31 Last Seen2024-08-20 19:31 Times Seen1 Hash 5b2d8c3cdadd2aaa68382f520f9b4001 0f607fd91969b8e5cde3bded2ba6efcbda1c339d 63da5455b971e50ccf07ec6bb24b15e7489c42f679a44689db46801ef38b654b Loading...

		Size	First Seen	Last Seen
	#1 Write - a27c88365ce7cd8f68390c4c024e29e1	3.6 kB	2023-11-07 13:07	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:07 Last Seen2024-08-20 20:33 Times Seen72071 Hash a27c88365ce7cd8f68390c4c024e29e1 1d15a8d192608f93096ef8d9aa623c360dbb7351 0ca2b3df8f04565300bafcd6c929a1d310d2a761ff9f8dda200f3f6cffab50ce Loading...

HTTP Transactions (105)

URL IP Response Size

nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201

104.21.88.34

403 Forbidden

0 B

URL User Request GET HTTP/3
nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pokemon-scarlet-switch-nsp-xci-v201 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Nov 2023 07:46:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 Nov 2023 08:46:07 GMT
Location: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXPUQ50hSWpEwfa6uc74uMjV1CL8sQJ%2BWqbGTbhP1HO8bCCltD%2Bc0cFHt7xQBwX%2F%2F09hfGotrBv4AousgQNyPCHmrdced1eTlmcoxATJkc9cI122WvKE7wG5DoA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8265e0eba97d5689-OSL
alt-svc: h2=":443"; ma=60

nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

104.21.88.34

200 OK

16 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 28622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voa6q6GsqjkZVSwaXkfmHtuoXvn%2B%2B29UJ3qhM9ilDdGt2299jZ3mkF4TsNmAZs9gB2lrZSlGt7SNOdpvw7o%2Bw1bbWk3eo2u1lVkxODRKryjRKUrEIfmnJEhGa5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e105f9d2b505-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png

104.21.88.34

200 OK

95 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 03:59:19 GMT
cf-cache-status: HIT
age: 26564
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6plkuMAd2ah1ZZAVYYIjgj1d%2BjOa3I0JI7UlJenALtMvr8hXmnYVR2ImP1vdU3ulvyLMvn7qD7iubhDv7soLJKCSLw9ItPbxpSoDKSiJBjg5a0i5hhUyxcdjpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10609f6b505-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-RUNE-PC.jpg?ssl=1

192.0.77.2

200 OK

14 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-RUNE-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13700 bytes)
Hash
df0dd5e780f36640012a3c382fdbb0a8
087dfacdb49ced47f3a554b422e597e071c0681a
75cae6a1d0b5d88d18a4e4c4238919ccf1cee1c21209ec5c150ddf966bbcba6a

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-RUNE-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 13700
last-modified: Tue, 31 Oct 2023 20:37:35 GMT
expires: Fri, 31 Oct 2025 08:37:35 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-RUNE-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "58968411a1be3901"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1

192.0.77.2

200 OK

32 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31608 bytes)
Hash
3dde27351094fd110611b7099df7612d
1f8633afc647ab96114d9cd7b87b2e1bd9d73fae
f7118208621987432e4309b2429b3ca26191166ec2b5b4dfab15204958f9de33

HTTP Headers

GET /images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 31608
last-modified: Sat, 25 Mar 2023 13:28:37 GMT
expires: Tue, 25 Mar 2025 01:28:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5948b74d64865dea"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1668043898/218f1cb3/38638891.jpg?w=640&ssl=1

192.0.77.2

200 OK

35 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1668043898/218f1cb3/38638891.jpg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x430, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (35118 bytes)
Hash
09a496f2426740aefa3534c3c4a7f73a
d51969352cdec98c6f29ffd781942fd8884cc235
29ebcbcae547e9d4ea90467963316d8e4dc4ec58a6f27b902e409fa34138862a

HTTP Headers

GET /images.vfl.ru/ii/1668043898/218f1cb3/38638891.jpg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 35118
last-modified: Fri, 18 Aug 2023 19:08:10 GMT
expires: Mon, 18 Aug 2025 07:08:10 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1668043898/218f1cb3/38638891.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ff6526d121d5ba90"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1

192.0.77.2

200 OK

42 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (42380 bytes)
Hash
d4928f7b25fded3f8d8a950e9d163f32
d3c246313c0b85eb96b9bea998baeb1c8da5a7c5
6590cb89e20fcfe488bf87db73a0a86d040513f68b0711e6456c0a0da091bce4

HTTP Headers

GET /images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 42380
last-modified: Tue, 10 Oct 2023 09:05:01 GMT
expires: Thu, 09 Oct 2025 21:05:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "1f81867bb8a4a38b"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1

192.0.77.2

200 OK

7.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7082 bytes)
Hash
2a19271a79ed86157e035261d50ce8b8
bdaaab52551234d79c3420c71d72bf2004010899
11230d9a5e6db15347e2b28947e0b3128c642bf897dab51e24ab411164b61c35

HTTP Headers

GET /images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 7082
last-modified: Fri, 31 Mar 2023 21:36:25 GMT
expires: Mon, 31 Mar 2025 09:36:25 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png>; rel="canonical"
x-content-type-options: nosniff
etag: "bc97642a657da821"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1

192.0.77.2

200 OK

44 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (44016 bytes)
Hash
75c6cf85f705a0e0864e59824ab2c735
cab75b114fd4bfefe79a88008824f651801bd557
8e2a80cbd5c939e48360b46716bf1cd7598ad513f525a34ae9b2a3f549c0d18e

HTTP Headers

GET /images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 44016
last-modified: Mon, 02 Oct 2023 12:52:59 GMT
expires: Thu, 02 Oct 2025 00:52:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "88dd70ee97fb240b"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Age-of-Empires-II-DE-The-Mountain-Royals-RUNE-PC.jpg?ssl=1

192.0.77.2

200 OK

17 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Age-of-Empires-II-DE-The-Mountain-Royals-RUNE-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (16824 bytes)
Hash
02fc29cfdc78e56ec3279f3b0e3345ef
679b5425a78272fea18ed6e0c8ce7772bfe85a63
730f35a2879e8fc876133fb86fac2eb586d7ba1dc5d0f563668108ae8a669cd6

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/10/Age-of-Empires-II-DE-The-Mountain-Royals-RUNE-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 16824
last-modified: Tue, 31 Oct 2023 20:37:35 GMT
expires: Fri, 31 Oct 2025 08:37:35 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Age-of-Empires-II-DE-The-Mountain-Royals-RUNE-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "cc6c5f2c1dcd46ff"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2836 bytes)
Hash
948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=640&ssl=1

192.0.77.2

200 OK

49 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
49 kB (48746 bytes)
Hash
3943799e6866beec74635dd2fdf512e3
f2a7081c65cacb1983cc0392810729c4eacad9b7
49130321a941d18ebfea6a84080d4c3970903aba00b12f293f7e621673f40efa

HTTP Headers

GET /images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 48746
last-modified: Wed, 25 Oct 2023 07:24:31 GMT
expires: Fri, 24 Oct 2025 19:24:31 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "09e3528f90cd86d8"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-Alex-Murphy-Edition-GoldBerg-PC.png?ssl=1

192.0.77.2

200 OK

92 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-Alex-Murphy-Edition-GoldBerg-PC.png?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
92 kB (92520 bytes)
Hash
5d7a50ace4a9d050725b26ba025ca25c
9a7448e3cbdedeccbd01f6a6d0f92e5777c24a33
25436cd29c3e1708033440fdb6e02b7225f6b7a4841974719c6723c8f9569d84

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-Alex-Murphy-Edition-GoldBerg-PC.png?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: image/webp
content-length: 92520
last-modified: Tue, 31 Oct 2023 20:37:35 GMT
expires: Fri, 31 Oct 2025 08:37:35 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/RoboCop-Rogue-City-Alex-Murphy-Edition-GoldBerg-PC.png>; rel="canonical"
x-content-type-options: nosniff
etag: "70166589900765f5"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch//screenshot-gallery/screenshot03

104.110.18.102

200 OK

14 kB

URL GET HTTP/2
assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch//screenshot-gallery/screenshot03
IP
104.110.18.102:443
ASN
#16625 AKAMAI-AS

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjects4-san.cloudinary.com
Fingerprint4E:C1:3B:DC:E3:32:C1:69:12:1C:19:04:E4:13:1F:69:F1:C0:F3:B3
ValidityThu, 21 Sep 2023 07:54:05 GMT - Wed, 20 Dec 2023 07:54:04 GMT

File type
ISO Media, AVIF Image\012- data
Size
14 kB (14372 bytes)
Hash
4b2cd037c56b9c5cc8281f8ecbc95b99
dc3f7beec4bcad1c2ec57ec38849e4ab938d5891
55b2717d0dc38a0724367ce31df110286cc31ae2c55f11fb0bfcd2e0e40a8392

HTTP Headers

GET /image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch//screenshot-gallery/screenshot03 HTTP/1.1
Host: assets.nintendo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/avif
content-length: 14372
etag: "4b2cd037c56b9c5cc8281f8ecbc95b99"
last-modified: Thu, 02 Mar 2023 15:14:32 GMT
date: Wed, 15 Nov 2023 07:46:11 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent
x-content-type-options: nosniff
server-timing: cld-akam;dur=17;start=2023-11-15T07:46:11.735Z;desc=hit-near,rtt;dur=6,content-info;desc="width=676,height=380,owidth=1280,oheight=720,obytes=83819"
X-Firefox-Spdy: h2

assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot01

104.110.18.102

200 OK

23 kB

URL GET HTTP/2
assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot01
IP
104.110.18.102:443
ASN
#16625 AKAMAI-AS

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjects4-san.cloudinary.com
Fingerprint4E:C1:3B:DC:E3:32:C1:69:12:1C:19:04:E4:13:1F:69:F1:C0:F3:B3
ValidityThu, 21 Sep 2023 07:54:05 GMT - Wed, 20 Dec 2023 07:54:04 GMT

File type
ISO Media, AVIF Image\012- data
Size
23 kB (22880 bytes)
Hash
91cd2b5216080f79624e9d22af9cd00d
86131c1120e597f87eddc6b3e00b96bd534a7ccd
044b6d282c8d551e9281d3a3715ce76e3b6bea85d22c09d217ad32eaca7a1c81

HTTP Headers

GET /image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot01 HTTP/1.1
Host: assets.nintendo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/avif
content-length: 22880
etag: "91cd2b5216080f79624e9d22af9cd00d"
last-modified: Thu, 02 Mar 2023 15:14:32 GMT
date: Wed, 15 Nov 2023 07:46:11 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent
x-content-type-options: nosniff
server-timing: cld-akam;dur=40;start=2023-11-15T07:46:11.735Z;desc=hit-near,rtt;dur=6,content-info;desc="width=676,height=380,owidth=1280,oheight=720,obytes=123485"
X-Firefox-Spdy: h2

assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot02

104.110.18.102

200 OK

56 kB

URL GET HTTP/2
assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot02
IP
104.110.18.102:443
ASN
#16625 AKAMAI-AS

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjects4-san.cloudinary.com
Fingerprint4E:C1:3B:DC:E3:32:C1:69:12:1C:19:04:E4:13:1F:69:F1:C0:F3:B3
ValidityThu, 21 Sep 2023 07:54:05 GMT - Wed, 20 Dec 2023 07:54:04 GMT

File type
ISO Media, AVIF Image\012- data
Size
56 kB (55796 bytes)
Hash
b9b640e743624c8114f9fb1c6790fd56
d7c78be0838d071be2604caac3364efe58bbcccf
6faf28b212dfcd07bf4682d2c397fac2599c5ee07aa917bdb156d1665baa9033

HTTP Headers

GET /image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot02 HTTP/1.1
Host: assets.nintendo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/avif
content-length: 55796
etag: "b9b640e743624c8114f9fb1c6790fd56"
last-modified: Thu, 02 Mar 2023 15:14:32 GMT
date: Wed, 15 Nov 2023 07:46:11 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent
x-content-type-options: nosniff
server-timing: cld-akam;dur=46;start=2023-11-15T07:46:11.735Z;desc=hit-near,rtt;dur=6,content-info;desc="width=676,height=380,owidth=1280,oheight=720,obytes=225164"
X-Firefox-Spdy: h2

assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/hero

104.110.18.102

200 OK

64 kB

URL GET HTTP/2
assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/hero
IP
104.110.18.102:443
ASN
#16625 AKAMAI-AS

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjects4-san.cloudinary.com
Fingerprint4E:C1:3B:DC:E3:32:C1:69:12:1C:19:04:E4:13:1F:69:F1:C0:F3:B3
ValidityThu, 21 Sep 2023 07:54:05 GMT - Wed, 20 Dec 2023 07:54:04 GMT

File type
ISO Media, AVIF Image\012- data
Size
64 kB (63603 bytes)
Hash
edc952708902c530b44a3a4cc139618d
d50ff4c83dc577cb3aeea11269915c06e228a8d4
4669619972cffa4adf81dd7c317b913bf337e918cc9db9e0223a3c713b4c02d9

HTTP Headers

GET /image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/hero HTTP/1.1
Host: assets.nintendo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/avif
content-length: 63603
etag: "edc952708902c530b44a3a4cc139618d"
last-modified: Thu, 02 Mar 2023 15:14:32 GMT
date: Wed, 15 Nov 2023 07:46:11 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent
x-content-type-options: nosniff
server-timing: cld-akam;dur=33;start=2023-11-15T07:46:11.736Z;desc=miss,rtt;dur=6,content-info;desc="width=676,height=380,owidth=1920,oheight=1080,obytes=412012",cloudinary;dur=76;start=2023-11-12T09:50:20.205Z
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css

104.21.88.34

200 OK

2.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (8143), with no line terminators
Size
2.6 kB (2571 bytes)
Hash
d352c04bd92b5bb831a449a2b43096d9
a4f2932465c8134444702efefe05210f0c77d9b8
316868f97d2f29e79b0fa3501b5e72f84f3f4076a47a024936553dcc49e1aeb1

HTTP Headers

GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUeag639AOSBeI%2F9w54SLxgaRY8exi12HYr4nAKkoBqnpeJRXf0Jl8XA9s9WsglpYt%2B2ghO%2FRf2th10qbvZFGiYzV1qecNvql3B33qQl4OxoXhI9O%2B10yE6l50o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10609f5b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.21.88.34

200 OK

3.9 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
gzip compressed data, from Unix\012- data
Size
3.9 kB (3909 bytes)
Hash
7aeba215bbe7d3ecff839629c6db5dda
7ae334ad1abe890665ed4d7989c61a511450e48c
76119162c540df2b9c5ccb59c3055e232f64a5bb92b15203af34dfaec050b8c3

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 16:16:02 GMT
etag: W/"654bb442-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fyEEAuqhCNZ%2BLdzHr6ew1p04Cu1IMP0gpXoE%2Bw8qpQsuukv1QhlyC06P5qoE%2F8nFzqdopzlUl2NXSMtLlb4WEP4mL4oGndpNbS%2BFue81azQp51GMAL2vxAplGOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10619ffb505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 17 Nov 2023 07:46:11 GMT
cache-control: max-age=172800, public
content-encoding: gzip

nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.32

104.21.88.34

200 OK

22 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.32
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.32 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 03:59:20 GMT
cf-cache-status: HIT
age: 28622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOTqBlLNpXDlX32uKKDrG5PxKm%2BKaQ3MaaNyL3szh08M1vpk%2F5VzRaB0hYrYUiKMX6N9UxUjKaWcpFr6yURJix%2FFmSX0a9Y8kXhVO0niiwgoQuuuBdBoyYBEknw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10c8e6bb505-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.32

104.21.88.34

200 OK

21 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.32
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
169a5dd1261e0d434162d1af68acbbcd
c18d59ed069049b012a61a8e6b958bfb25bc1b71
82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.32 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 03:59:22 GMT
cf-cache-status: HIT
age: 28622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FC5Y9hPHuT8cDe80Qr0gF6RL69xtMp%2BSggVOYR1ITEhC3eKn9k7RClboi3tpWR2z5IO9fLW8bUAPTDP1NOCmFnnKSmKq7K%2BAEsqlOKAQaHaaKvTdArC0ObrnSUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10c9e76b505-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-1ed1"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 665413
expires: Mon, 04 Nov 2024 07:46:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYFFgNRB9CO0IjifhcphrItUifFsOhH2sC2K0%2FpAHrxmia9rk3MkEmwwYeD5H%2F5NC%2B5rKe6hFNKwgte3Ke80IiWuMr%2BGVxTvj35U%2FgpJwQcGcn2aDjekuBYn8S%2BC%2F80XwFD6eSmH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8265e10d7b050b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1

104.17.24.14

200 OK

677 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1834408
expires: Mon, 04 Nov 2024 07:46:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=njYKJ6cjWgs%2FB6%2BwoRwP5j5Fn7KVLpMWLhMedtoQ6iUQ8vzV6MTYo0P%2FSJ1WwFuN2mJyp2fHYwqEswiiwCWvNLaQ4f21hGlUqhoRI6ucZKwaqCQUxJh4hNxMYOq1IleCZaKsEuhX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8265e10d9b190b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1

104.17.24.14

200 OK

1.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3036)
Size
1.1 kB (1101 bytes)
Hash
94279a9a0c4060a96efcf1da47716f86
ea88b3fd8b01a8b86edfd0f4120cc9a834893018
d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1569997
expires: Mon, 04 Nov 2024 07:46:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5GUHyPS8FeTfJuljbfVRE31IxI7zZqXPrUxL70e%2BuvDQFBviTyo3NJLeaVQOCjmKqs8YG3H7LimLSjsz2lLTAtQCWswd%2F%2FXKL1QfT6qFADbhs33LQq40jJYQHQoWJEgo9xbTTDT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8265e10dab1b0b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

104.21.88.34

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 28622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZkVqgoTzWgAXDDSQ1b1yGZNDbPYaMK1RftbOVQryCQCLcg837FOUoFmDI6boVn3AJ7Wa8ds%2Bc7x654l0qy%2BOR%2Fmk0uOt45AGAYMWphbO7KQo22JjxRAEEYR4to%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10dff7ab505-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201

104.21.88.34

403 Forbidden

152 kB

URL User Request GET HTTP/3
nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
gzip compressed data, from Unix\012- data
Size
152 kB (151939 bytes)
Hash
81a91b2bfff2f3c91f659a6829b59662
38df0069b625107f5c703315cff792550b8882b8
03e34fdfc22f2e477a24236c2f96f06fdbabe0760d520a661d66a084ae0fe8d5

HTTP Headers

POST /pokemon-scarlet-switch-nsp-xci-v201 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201?__cf_chl_tk=3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs
Content-Type: application/x-www-form-urlencoded
Content-Length: 3212
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/html
set-cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0; path=/; expires=Thu, 14-Nov-24 07:46:11 GMT; domain=.nsw2u.com; HttpOnly; Secure; SameSite=None
last-modified: Tue, 14 Nov 2023 23:46:34 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Vhipnmt7pqKsktVz8GZYJ10KO0sUs%2BpPFat3%2FzfQx1%2FJT5skUNZHC9mB29GXqhV3rBW3lI7%2FG5iIhKEcvoz0N1tpjyAg367KJv0F2oBIQMprYDT55XF0WOEOW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e1034fcbb505-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1

192.0.77.2

200 OK

2.6 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2568 bytes)
Hash
513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:13 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

374 B

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
374 B (374 bytes)
Hash
43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:13 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:13 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

108.177.14.100

200 OK

21 kB

URL GET HTTP/2
www.google-analytics.com/analytics.js
IP
108.177.14.100:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2343)
Size
21 kB (20994 bytes)
Hash
575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Wed, 15 Nov 2023 07:17:47 GMT
expires: Wed, 15 Nov 2023 09:17:47 GMT
cache-control: public, max-age=7200
age: 1706
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.wp.com/e-202346.js

192.0.76.3

200 OK

3.0 kB

URL GET HTTP/2
stats.wp.com/e-202346.js
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (6931), with no line terminators
Size
3.0 kB (2986 bytes)
Hash
2567b82fc5b4900c78be291e6a957e99
114ec9e929313111ec06f33e342205c52cce5b11
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

HTTP Headers

GET /e-202346.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/13576-1684460848292.3706
content-encoding: br
expires: Mon, 11 Nov 2024 16:22:44 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (5955)
Size
81 kB (81001 bytes)
Hash
cd7cc9dd55ebbf7b971c6f26f8a4ab9d
505f6e172efcf9634d72c8c27d10b23baa16d15d
4dfa3d1b4278718b5cef22e06bf439ce74307a7925b0edfb72157d5f1e224873

HTTP Headers

GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 15 Nov 2023 07:46:13 GMT
expires: Wed, 15 Nov 2023 07:46:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81001
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=GT-WBTNX6Q&l=dataLayer&cx=c

142.250.74.168

200 OK

77 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=GT-WBTNX6Q&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (4179)
Size
77 kB (77043 bytes)
Hash
d148e48fad60e4b6470f4e9182d7c9f9
9c1fe141a3d1d69bb2e9b6146786075476638a05
baa2d65d04f4b7fde136e63078e2f4145faf9b9556a72374cd5b1642c878c69a

HTTP Headers

GET /gtag/js?id=GT-WBTNX6Q&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 15 Nov 2023 07:46:13 GMT
expires: Wed, 15 Nov 2023 07:46:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77043
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.4

104.21.88.34

200 OK

32 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.4
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65506), with no line terminators
Size
32 kB (32227 bytes)
Hash
51480f0afb0a30743ae59a3455633c75
2b46f094cb87015fa342da2bf1767413ec5c92b5
108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.4 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 08:22:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSBI%2FZAlbsKq4igYxaqFVgD3Pybzeb1qxPxzp2S%2BzPPd1waD6%2B2F25%2FKlf93nBO97u%2B1Zx7OVeF03OTDqeC9qxWNUGFgxVU9mtx6NXz%2BTwDqqb%2BBiX2%2F5rJ8LqY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10cfebab505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js

104.21.88.34

200 OK

2.8 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6042), with no line terminators
Size
2.8 kB (2815 bytes)
Hash
9fb1dba6cc608c4310104f103db8b0e4
96f8726ec376189982a98185f38f48f480b2c8e3
236fb88931feead5473c70f542473d5dc064578ffb45ea743414720e2aea3929

HTTP Headers

GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=6206
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MCKXoEtXSUygNoNpTcHAcDLxq9%2B23IGh7ESwjtwUuY9ilqJ3o5mjmZ5PDmVvz%2BDSFqO%2BYkFtUxYPOsuBPNbsWHlHxhB6tjhz2%2F0YFbyzUOjp8Chzlv5CX%2BlsdE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d4efab505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1

104.21.88.34

200 OK

846 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (439)
Size
846 B (846 bytes)
Hash
9c68274c21052262d9bef2672b251874
4919f3fbccaea37c7b1e1b7527d4208c3106b2dc
895b02a349918bd518d94bd7bd9dda9e8bfa45dea210148bd880c4f55b70d72b

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=3949
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rq5FO7kWwwB1zJEIZy53IUwrBDQZeQOYzfHjWwwmVTLM%2BqHiErbHHQCOMH2OmYDYOIqgM7g%2ByNbDqtl4aGOMExMgWpNu6wAR1loUxLWbApL9ujtsB02KdEYWtk4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10cfebeb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188

104.21.88.34

200 OK

399 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (701), with no line terminators
Size
399 B (399 bytes)
Hash
328b8123661abdd5f4a0c695e7aa9dcc
4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Tue, 14 Nov 2023 03:58:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 28622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gzxgit0zYvNDhTiVWVJniI98xfbkJBSSpw28eC47LI1x3%2Fiur7xE640kWw%2BgFV%2F0ZboqxxhPmWuQetOSnICmTIdgqOyshJfPepq169uyhUhf24GX%2BZH7P0Ivmi0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee6b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pixel.wp.com/g.gif?v=ext&blog=221113798&post=4626&tz=1&srv=nsw2u.com&j=1%3A12.8.1&host=nsw2u.com&ref=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&rand=0.8309297854136781

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?v=ext&blog=221113798&post=4626&tz=1&srv=nsw2u.com&j=1%3A12.8.1&host=nsw2u.com&ref=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&rand=0.8309297854136781
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?v=ext&blog=221113798&post=4626&tz=1&srv=nsw2u.com&j=1%3A12.8.1&host=nsw2u.com&ref=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&rand=0.8309297854136781 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201

104.21.88.34

403 Forbidden

0 B

URL User Request GET HTTP/3
nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pokemon-scarlet-switch-nsp-xci-v201 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0; _ga_V5K7GYT3S4=GS1.1.1700034374.1.0.1700034374.0.0.0; _ga=GA1.1.1058960485.1700034374; _ga_HS5Y0K7QPG=GS1.1.1700034374.1.0.1700034374.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: text/html
last-modified: Tue, 14 Nov 2023 23:46:34 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DT53A2YkEGZW34rRXe6oUtIlDxQZ%2FFa2pVw43akTyfLoIv68ESjLuTRV%2Fjot6BuA4JN3jEKXZ0NXhpnO1T%2B5oXFsdocVm4JqjH0SOlBoGFb0h3sHK1D4n8jlvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e1172890b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.4.1/wp-includes/js/dist/i18n.min.js

192.0.77.37

200 OK

4.1 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/i18n.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
data
Size
4.1 kB (4071 bytes)
Hash
c2c4e2a562e06e1cb22293a5b920aca6
a7b5a369ac4883f1ee7fa701b238d20238b675ca
698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Sep 2023 13:26:32 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/dist/hooks.min.js

192.0.77.37

200 OK

2.0 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/hooks.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4592)
Size
2.0 kB (1990 bytes)
Hash
7bd48eb3bd568033e96caf0fb62e6690
b38066999294b99d92d95db5f38bc15707eb1f22
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Sep 2023 13:26:32 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/393662949:1700033040:1h9CZlm_zTAiXN5G8_NX767yiN4aNjoEO677-G1f58U/8265e0effbcc56aa/b73a7f9d9363c70

104.17.2.184

85 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/393662949:1700033040:1h9CZlm_zTAiXN5G8_NX767yiN4aNjoEO677-G1f58U/8265e0effbcc56aa/b73a7f9d9363c70
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
85 kB (84927 bytes)
Hash
e9a0d09ebb9a34f6c93b6edec5739932
4a10715bbbe8f7d7cd151f2b2caf0e6a4002835f
ee687622714326b85f2c13e3614aeba68bc380fb7a725473a501d5cfa34430d6

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/393662949:1700033040:1h9CZlm_zTAiXN5G8_NX767yiN4aNjoEO677-G1f58U/8265e0effbcc56aa/b73a7f9d9363c70 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/6o4it/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: b73a7f9d9363c70
Content-Length: 3097
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:08 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: MLzpyCaZ3dBa5K5ecCHjD6oVxXcYF7Qn7Wz8hGVwSTI2G7QfUZL8+ov7UvLvs7OO3Yqwu6mAtilAkdMYn4wYQSxqFJlsX7e8W3uLHxrDkHeb17+I2byQ+DHVeeigw3gyDuJ6MIwU77LwiT4DgfIp9w/a4XsVS5delu78qMbI9b80ElTrrN/gYMvjwvLdzHtYnFDOMzyllndziDNIx/PfQRo0hPdJntzLnelXJ7hq6otMxGVbi+U5715c6dnsGa44hcsbT8hU67QGNTO7wIdosh4Phe2dvHnW9tRN/60wW7BnmyWeXbE9k60Ba2AnBrukO3WdtZcXszq7ofNkoos84+ky1DGnHwCC+pFrdGikzsJbmVKLpQDhsFLE4djM0klG7i4/Styg84/M898OmcRNGiluFMK04IxEkQY8qvNUqjLgg+rjLmLDjgkBOUMieSCNc8cws8rROu3ADfcFvOHVJuKcRkiSettRrfNrUMufCkg=$syzuHNRWhi9tcgVK7YhuHQ==
server: cloudflare
cf-ray: 8265e0f3de2456aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stats.wp.com/w.js?ver=202346

192.0.76.3

200 OK

30 kB

URL GET HTTP/2
stats.wp.com/w.js?ver=202346
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11119), with no line terminators
Size
30 kB (29761 bytes)
Hash
1ac0848d5bceb8555feaf98f8fb860cb
117dcc305a16fbf0f0ef2d173c3c52adfa816047
585d4af3a08847a4604f8796b4841ebf7eaec7211606cc954f88dc9f27c72b28

HTTP Headers

GET /w.js?ver=202346 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/11154-1698845932750.503
content-encoding: br
expires: Mon, 11 Nov 2024 18:17:48 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js

192.0.77.37

200 OK

55 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (6625), with no line terminators
Size
55 kB (55098 bytes)
Hash
fd7ef2e4737acd74fd0dcdc3b515e304
0d792b33f12a48ee8aaaf2560a63a5682470645b
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Sep 2023 19:30:24 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1699089846/04828902/39051605.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

3.9 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1699089846/04828902/39051605.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.9 kB (3902 bytes)
Hash
31706d2479959c21fde3a26c06a18b13
b66c5c791d21122c2f9ea2e0fef9397694339981
c6d62e430663d3b018737b0b3ce6776ed43049f1ecef2bd3a6c41dd839a43526

HTTP Headers

GET /images.vfl.ru/ii/1699089846/04828902/39051605.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 3902
last-modified: Sun, 12 Nov 2023 13:53:21 GMT
expires: Wed, 12 Nov 2025 01:53:21 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1699089846/04828902/39051605.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5fafced9f230c9fe"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1692466255/57cf98f7/38995518.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

9.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1692466255/57cf98f7/38995518.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.1 kB (9136 bytes)
Hash
9d6e56aafe5753deab7dc9c18a0a9bba
108ad32fa05e6400dc64ac7a81a313ca99496221
2808223bab3a02d2ef86a340b559330e3fcb4669b55346901a39775cddb21ca7

HTTP Headers

GET /images.vfl.ru/ii/1692466255/57cf98f7/38995518.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 9136
last-modified: Sun, 12 Nov 2023 13:53:21 GMT
expires: Wed, 12 Nov 2025 01:53:21 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1692466255/57cf98f7/38995518.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8ec84d040f8c59a8"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

9.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.7 kB (9702 bytes)
Hash
1bb636cbc4bf45105ea09f678ec75095
95ab741b213cdf879782c361d4b305eaa169627d
bab239986bea594efd10c82ca1bb36dab2fd45a75c18448c6ba963cc59ab41a6

HTTP Headers

GET /images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 9702
last-modified: Thu, 09 Nov 2023 23:35:52 GMT
expires: Sun, 09 Nov 2025 11:35:52 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "269498792b13b891"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill.min.js

192.0.77.37

200 OK

44 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
44 kB (44130 bytes)
Hash
9a98016751e498c06d434cc022ca1a44
6aa9af5fe436eab9c313de9f0bea072c04637624
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Sep 2023 14:23:26 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

11 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11256), with no line terminators
Size
11 kB (10962 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:11 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1694719019/48f3ed4a/39011098.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

6.6 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1694719019/48f3ed4a/39011098.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.6 kB (6640 bytes)
Hash
725cc039f8a245a2e06babebe0fdbe86
05dacfc5c8d71269e6ad9732cd4319fbcb5ae224
05bd41b9379bc1f8cccf5b711d732eca5ec971e5eaf45659a7e4532c643d0080

HTTP Headers

GET /images.vfl.ru/ii/1694719019/48f3ed4a/39011098.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 6640
last-modified: Tue, 14 Nov 2023 07:40:25 GMT
expires: Thu, 13 Nov 2025 19:40:25 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1694719019/48f3ed4a/39011098.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "796295d35578ab43"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1

142.250.74.106

200 OK

14 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
gzip compressed data, max compression\012- data
Size
14 kB (13694 bytes)
Hash
2bcffb60e80b2cb1b4bf4879c0a5a175
b3e247f716118743392f1970590e8d48ea13a481
cecbb7e424999f57dc22b37efe96e38605f0d12da4fdcc50f2883263848f500d

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 15 Nov 2023 07:46:12 GMT
date: Wed, 15 Nov 2023 07:46:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.8.1/css/jetpack.css

192.0.77.37

200 OK

59 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.8.1/css/jetpack.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
59 kB (58703 bytes)
Hash
91664c6f5f621e9deeec61279b8ef3dc
f707f89e7a27114fbdf40a2bbbf670d5bae5a1b2
277fb30e91af19162de1bd98e6364ee78f0677257c118fd46d0255b83eeadd55

HTTP Headers

GET /p/jetpack/12.8.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 13 Nov 2023 18:14:20 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:11 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/12xngu3j/dmm48.css

104.21.88.34

200 OK

12 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/12xngu3j/dmm48.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (16508), with no line terminators
Size
12 kB (11885 bytes)
Hash
99329d894b9c5a2c862cb32615590ebf
a360534b0d5a3e9659c58181ef1c9d7da732a425
e7f056faf4227ae9118e83d7dc36b7089f10308d7738c0f0c2210e99733a1592

HTTP Headers

GET /wp-content/cache/wpfc-minified/12xngu3j/dmm48.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=17923
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:59:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26784
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzDFG9uBgSR4tGhlh%2BILsLEb%2FsCPaMLpFyoI6z4znWbHyFci2Zj1eM7dNENGDvd0dMM%2F0PvnJuB%2F61N%2BCt6mZTq%2BZskWmD2o2wWQAyFJxen9XLMONyMVstPRuGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e105999bb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js

104.21.88.34

200 OK

33 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (32024)
Size
33 kB (33001 bytes)
Hash
7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFX6oLsVqRuy%2FJmSkh0hAm1KtlU62VoryIanhpd88IFKLXHWqbQPneLjraEWskW%2FpiewvEiCSfy%2FFuBLD2S5FWKUREsogR7U6o%2F%2FfOcIPicSC63%2BAVxOAXW2w%2BE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee0b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tenderlywomblink.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js

192.243.61.227

200 OK

23 kB

URL GET HTTP/1.1
tenderlywomblink.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjecttenderlywomblink.com
Fingerprint63:B0:65:78:CF:23:17:27:6B:A3:F1:69:58:42:AB:29:22:50:52:DA
ValidityFri, 03 Nov 2023 10:31:57 GMT - Thu, 01 Feb 2024 10:31:56 GMT

File type
ASCII text, with very long lines (59036), with no line terminators
Size
23 kB (23347 bytes)
Hash
defc5028c572779e4177e20d9b82c29f
ac1c3730c78c30a6e00de142362dc47af1b566e2
70922485bbd859ae63b9d32411c6f3680e79bb48cb142637c42db0283aa19d1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: tenderlywomblink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 15 Nov 2023 07:46:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96072c834d321bb2f8b021defda7a501
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7082 bytes)
Hash
2a19271a79ed86157e035261d50ce8b8
bdaaab52551234d79c3420c71d72bf2004010899
11230d9a5e6db15347e2b28947e0b3128c642bf897dab51e24ab411164b61c35

HTTP Headers

GET /images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 7082
last-modified: Sat, 26 Aug 2023 13:56:19 GMT
expires: Tue, 26 Aug 2025 01:56:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0987e1961abf81c6"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=ee5374c82c19416db62a65edb55afa0b

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=ee5374c82c19416db62a65edb55afa0b
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
e8ffa6fb893ccf1e53360247ed215d80
b4f494724d56db042ffec6279f71f4026a043796
254022d231ec278ed1676fb95f02a9d1bb8ec58bd4144e42354460b44ee546b0

HTTP Headers

GET /gid.js?userId=ee5374c82c19416db62a65edb55afa0b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ee5374c82c19416db62a65edb55afa0b; expires=Thu, 14 Nov 2024 07:46:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot04

104.110.18.102

200 OK

28 kB

URL GET HTTP/2
assets.nintendo.com/image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot04
IP
104.110.18.102:443
ASN
#16625 AKAMAI-AS

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjects4-san.cloudinary.com
Fingerprint4E:C1:3B:DC:E3:32:C1:69:12:1C:19:04:E4:13:1F:69:F1:C0:F3:B3
ValidityThu, 21 Sep 2023 07:54:05 GMT - Wed, 20 Dec 2023 07:54:04 GMT

File type
ISO Media, AVIF Image\012- data
Size
28 kB (28347 bytes)
Hash
2e56ddfee117b7258557f3e60cf48746
ee9d45cb104fb799ac66ccdb05c34a71a6a1d66e
75dfe38f0a74c409ee3c8dc8e83dc042857793622a18a3c2f3c7034d89536699

HTTP Headers

GET /image/upload/c_fill,w_338/q_auto:best/f_auto/dpr_2.0/ncom/en_US/games/switch/p/pokemon-scarlet-switch/screenshot-gallery/screenshot04 HTTP/1.1
Host: assets.nintendo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/avif
content-length: 28347
etag: "2e56ddfee117b7258557f3e60cf48746"
last-modified: Thu, 02 Mar 2023 15:14:32 GMT
date: Wed, 15 Nov 2023 07:46:14 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent
x-content-type-options: nosniff
server-timing: cld-akam;dur=316;cpu=58;start=2023-11-15T07:46:14.598Z;desc=miss,rtt;dur=0,content-info;desc="width=676,height=380,owidth=1280,oheight=720,obytes=152844",cloudinary;dur=152;start=2023-11-15T07:46:14.698Z
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8265e0effbcc56aa/1700034368630/kDbvuOxbMbBzSTX

104.17.2.184

24 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8265e0effbcc56aa/1700034368630/kDbvuOxbMbBzSTX
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 37 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
24 kB (24523 bytes)
Hash
00586997903f4cfed1c6d1e32396f742
b961bea04fcb280ef6f7a14c81263d1f96df435c
7cf3d84179fb56bd27584c62d0a8c4740fca81df86d8808b116dafb958af15e8

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8265e0effbcc56aa/1700034368630/kDbvuOxbMbBzSTX HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/6o4it/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:10 GMT
content-type: image/png
server: cloudflare
cf-ray: 8265e0fd7d7456aa-OSL
alt-svc: h3=":443"; ma=86400

banquetunarmedgrater.com/advertisers.js

172.67.219.12

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.67.219.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
ValidityThu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:15 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 559437c2e8f0ac763b84d3880feb17ac
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 15 Nov 2023 07:46:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuSLOwUB6823sjlxSsroZurVUKp0S8RZFwVN4RIGCdwFG0Rh8xgEpqqccsxhr%2BzVbC%2F3M7lmYG4QbTMsmBuziL9ed0IxSfWsGBRCuhhDGXjJuXLToee0nPj5z33VsEQ9JDGYOfUI%2BMQw2Uk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e11bccb90b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tenderlywomblink.com/watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1&shu=7f91c69806808485c9339ef625afd7272d11ca881d1f0926e2c352fd5193c1fe8cfd9c660d1478201dc4effb50c18e454a69e44e759d4145b2b9e41cb4dd8ed53627f726ba115870d8ee4fa43bfc5b419120791165662cb15face78d18b791&pst=1700034434&rmtc=t

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
tenderlywomblink.com/watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1&shu=7f91c69806808485c9339ef625afd7272d11ca881d1f0926e2c352fd5193c1fe8cfd9c660d1478201dc4effb50c18e454a69e44e759d4145b2b9e41cb4dd8ed53627f726ba115870d8ee4fa43bfc5b419120791165662cb15face78d18b791&pst=1700034434&rmtc=t
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjecttenderlywomblink.com
Fingerprint63:B0:65:78:CF:23:17:27:6B:A3:F1:69:58:42:AB:29:22:50:52:DA
ValidityFri, 03 Nov 2023 10:31:57 GMT - Thu, 01 Feb 2024 10:31:56 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2616)
Size
2.1 kB (2084 bytes)
Hash
559688fd94bc19e867f296b692e9c930
1176b4c60c5df092e6cceb62bfa8add0e6589dd5
98e5b1022f342caf95af90bb5e9caf6953678f0f1e7ec56fcd838ee2d8e41d45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1&shu=7f91c69806808485c9339ef625afd7272d11ca881d1f0926e2c352fd5193c1fe8cfd9c660d1478201dc4effb50c18e454a69e44e759d4145b2b9e41cb4dd8ed53627f726ba115870d8ee4fa43bfc5b419120791165662cb15face78d18b791&pst=1700034434&rmtc=t HTTP/1.1
Host: tenderlywomblink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vcG9rZW1vbi1zY2FybGV0LXN3aXRjaC1uc3AteGNpLXYyMDEifX0.tI9SkPF-FxRvsF5p31NvmEZxnVotPBSlF3dbRtB9Li4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 15 Nov 2023 07:46:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b06cf357-b568-439d-8b23-81ed3a606a25:2:1; expires=Wed, 22 Nov 2023 07:46:15 GMT; secure; SameSite=None
iprcf205dbc2ca877a2ef74dd46fd6f0d4f2=3570421; expires=Wed, 15 Nov 2023 11:46:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 16 Nov 2023 07:46:15 GMT; secure; SameSite=None
uncs=1; expires=Thu, 16 Nov 2023 07:46:15 GMT; secure; SameSite=None
pdhtkv32=true; expires=Thu, 16 Nov 2023 07:46:15 GMT; secure; SameSite=None
uncs32=1; expires=Thu, 16 Nov 2023 07:46:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9a2e2ac23e10909acbf19de077dd8c7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

publisherride.com/pixel/purst?dl=0&th=0&sc=0&rs=3647&rd=3647&fd=602&bv=23.11.v.1&tmpl=70

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
publisherride.com/pixel/purst?dl=0&th=0&sc=0&rs=3647&rd=3647&fd=602&bv=23.11.v.1&tmpl=70
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectpublisherride.com
Fingerprint27:3A:72:E4:3A:3C:FF:E4:9A:67:0A:B5:71:82:26:D3:8E:10:80:69
ValidityMon, 09 Oct 2023 12:45:43 GMT - Sun, 07 Jan 2024 12:45:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3647&rd=3647&fd=602&bv=23.11.v.1&tmpl=70 HTTP/1.1
Host: publisherride.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 15 Nov 2023 07:46:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

secure.gravatar.com/avatar/5da753b289d968447fe42d2f645ed501?s=45&d=monsterid&r=g

192.0.73.2

200 OK

2.4 kB

URL GET HTTP/2
secure.gravatar.com/avatar/5da753b289d968447fe42d2f645ed501?s=45&d=monsterid&r=g
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGB, non-interlaced\012- data
Size
2.4 kB (2358 bytes)
Hash
6d8bb7152bc9433d4eb6ef95260e46cc
a10321855e9e989f32e04b9f8cdbc6c06b2ff329
b31b687e853310d499c10405a1c5f12009071136a85b2c9471a7c3c6276636d5

HTTP Headers

GET /avatar/5da753b289d968447fe42d2f645ed501?s=45&d=monsterid&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:15 GMT
content-type: image/png
content-length: 2358
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://www.gravatar.com/avatar/5da753b289d968447fe42d2f645ed501?s=45&d=monsterid&r=g>; rel="canonical"
access-control-allow-origin: *
expires: Wed, 15 Nov 2023 07:51:15 GMT
cache-control: max-age=300
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:15 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Fri, 17 Nov 2023 07:46:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

104.21.234.32

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
104.21.234.32:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85471 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:15 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 389e64673ae10c2a549ba29cd39509ba
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 15 Nov 2023 07:46:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBcxjg4y5G2HRaN8ebj14cI5wt54%2BDOjgUEP4H8LZ7gEcq0tVNMjiK%2FNQ4hccdqAYF2rVNwubXBIMgZXPMxBh03XZJiO2SIWDDb5%2FdLnQMceybi7buuUKjrAe2CB1%2Bj0VyooQWs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e11ae8214c79-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css

104.21.88.34

200 OK

143 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
143 kB (142808 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=147784
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZwxMBtpHc6Qbjaj2W79IHIE6V%2BpSNSZcG%2B81UvXJGVbVHjLAyVw4byTO2pDvRKuNnEUQV%2B5k5PZTkbM9YwS2Dh4z8oVxCZNbrnkH%2Bw59G0eaVHVhK4szuGUzBto%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e105a99cb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js

104.21.88.34

200 OK

2.7 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2883), with no line terminators
Size
2.7 kB (2729 bytes)
Hash
192dc990f772721ea75e1c0ccc9032a4
60e0e0bef73be3f726656e21c7f2d32e7f921b12
fb624dd9bcadd9025b413f814918ec1a9146e7c7c257b2209bda3a709e8cc1d7

HTTP Headers

GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=2817
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1BTBMwB8Whdw7vFgdMl6DRgNaM4TK1AnUANdUgs4w55Z6DwJUPRLPIXDOsbiQuXoPOyqIGWVu71rIEqL0SvMzGoao1quCaQDy89nG6czvHQHy65dtWUuxyRbP%2BU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d4ef9b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1699348157/9f9c4ad8/39052978.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

6.2 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1699348157/9f9c4ad8/39052978.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.2 kB (6246 bytes)
Hash
9764c621b708fdc3d3e92f233c3bec91
cc595c034107b8c1825ea14b3a96a3b64e3b314d
7a6bb947436d1d6774f5cb69ae03a756a1883222ee8126a5c6f8b9172ebe41ef

HTTP Headers

GET /images.vfl.ru/ii/1699348157/9f9c4ad8/39052978.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 6246
last-modified: Tue, 14 Nov 2023 02:38:39 GMT
expires: Thu, 13 Nov 2025 14:38:39 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1699348157/9f9c4ad8/39052978.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "56872b799dc2e048"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

mgnetu.com/js/full-page-script.js

188.114.96.1

200 OK

2.2 kB

URL GET HTTP/2
mgnetu.com/js/full-page-script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subjectmgnetu.com
Fingerprint0E:28:BD:16:0C:4B:02:FE:6E:91:FA:1B:2B:AB:C5:2D:A8:72:DF:64
ValiditySat, 04 Nov 2023 11:38:44 GMT - Fri, 02 Feb 2024 11:38:43 GMT

File type
C source, ASCII text, with very long lines (2222), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0f0a8906d260aade1f7f26ef729fb8bb
bba38288d01f698353166ee9a17908d1bb622a79
0a439b87c4d18a47b47832a83e8ff521faf1ecc0e04c07992875da4761d53308

HTTP Headers

GET /js/full-page-script.js HTTP/1.1
Host: mgnetu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Wed, 15 Nov 2023 08:51:01 GMT
last-modified: Thu, 19 Dec 2019 15:37:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 600911
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0%2F8blqinxgvJva5PIklcavuFOlHpI4jln1jYGitzZbIfyLq2ui99SPR0I%2BFGdVmYHtMYtmNpTuHvXvT%2BPOb%2Ff7HOys2XIkdX79gBXbOJMaJUrhlnmb2Q8X%2BvuWH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10dccfd7128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

88 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

HTTP Headers

GET /c/6.4.1/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4

104.21.88.34

200 OK

4.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (4844), with no line terminators
Size
4.6 kB (4580 bytes)
Hash
0c25d30efd4aa460ab9922a3bcfb8c42
6522ee0dc866d20cd8d11109932d9d80a48a3db7
36de60ec7c408ce665901d0e775647c744c39969c0bada78d156819eeeedf103

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.4 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 08:22:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6HWGbM3n%2B39vISOJN3gNeuqFiqqB8NodzLzqTIMy7yvBqKLD4r3dF2ZwdlHKhEn2ziF3gTF8QXuABpGbFDhFm%2FPk6LEZvikGLBrHjhfWFLS3hkfXY0lzBCmeftQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d0ed3b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206

104.21.88.34

200 OK

1.4 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (1413), with no line terminators
Size
1.4 kB (1406 bytes)
Hash
fb7fedcbc4898509446641bf9fd08189
374a4aa4443cc7d7fe9cdc45c1c7d723cd259f64
61ee64c9534a923b25e7faa8542df84482423ee82601c3c6fca192063f975e47

HTTP Headers

GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=2279
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJunRmd5U9IoSBK2%2BgtvzszS16R0o0%2FPUZ7FMgMosinENlyM1pggGaUJ0ME91ntcHWhfrguSo%2BqWfjYaMWXj6dOMUsYCmvx8KZFIxj5kBCpiRt0kDujOdpu1Fd8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee3b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nukeluck.net/5/3812660/?oo=1&aab=1

139.45.197.243

200 OK

2.7 kB

URL GET HTTP/2
nukeluck.net/5/3812660/?oo=1&aab=1
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnukeluck.net
Fingerprint10:9E:8F:E3:6A:F8:48:21:94:4C:23:4D:4E:96:D5:07:46:36:8E:4F
ValiditySun, 08 Oct 2023 09:09:43 GMT - Sat, 06 Jan 2024 09:09:42 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2989), with no line terminators
Size
2.7 kB (2749 bytes)
Hash
35369f1fd1048fa760c6ab85bbae36f5
e9317ff8e47a53b1ee476c082ec1294656bfea1f
5854d05d6db22e140ebe85f658c712e0cfcd2c582f7108c2ff5ddff75824695c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: nukeluck.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: application/json
x-trace-id: e931b1f6409e3b999a0608fb053dd2de
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ee5374c82c19416db62a65edb55afa0b; expires=Thu, 14 Nov 2024 07:46:14 GMT; path=/; secure; SameSite=None
oaidts=1700034374; expires=Thu, 14 Nov 2024 07:46:14 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115

104.21.88.34

200 OK

588 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (590), with no line terminators
Size
588 B (588 bytes)
Hash
072681a33ce7210615bd105a4a4ad160
de2827a281b89704e5d34e16dd29527302437d07
ca2b92d6682e943ae7db0898c6221cd9b25a002626fdf43ef49db19a764f29a5

HTTP Headers

GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=880
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 28622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsfxaqcCbf0vQAyId9qBOON6eH5rYx%2B1QxTjEXbOEvyclqPEWWh00F9ZbOJ4SA74wcQzB3FMj9RrfnZOqojSHCYwg1%2BReGmqbdarCEMwVzBm8bPCFAGgPsIuFQ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee2b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843

104.21.88.34

200 OK

5.9 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (5952), with no line terminators
Size
5.9 kB (5920 bytes)
Hash
5ecc149f83c93130e779865519676bb8
e5227e6c4788ddcc459943bc0cf12556f85cf1a3
10d610f0fe2c2cf9516ef64a62bd09f01fec2f489ff2abe76d62aee5131497e4

HTTP Headers

GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=10733
expires: max-age=A10368000, public
last-modified: Thu, 14 Sep 2023 06:44:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26785
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xp245uBRfDpAEyvqG3%2Fv%2BVoXZYGNfn7wosMQh99x3XVkWpPpDcWplKlKwnwB0RVlhLwn6s%2BhkqsM3h%2FmkEWDdDKKlQa5W5d2MOYwMrWQdHvWh7ZisJe0qE7Bi8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10cfeb7b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

9.6 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.6 kB (9636 bytes)
Hash
6bb6b1c02ea1cb9a4a4c74619c128eb0
336be32487f51e2561d2a3e14fc0accaac2e7ad8
dfc2f048571b25e928ad2967410a951bac6c9c5df466f1800ea4db005e36442e

HTTP Headers

GET /images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 9636
last-modified: Sun, 12 Nov 2023 14:43:48 GMT
expires: Wed, 12 Nov 2025 02:43:48 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "c9cf56e5874d4c26"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1&resize=200%2C200

192.0.77.2

200 OK

2.7 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1&resize=200%2C200
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.7 kB (2734 bytes)
Hash
ae58f5f8d93958f30ee4edffe1e3c6bb
7957b10b6f0faabd5ffc655a9698ca0bbc6bd708
dd21bb2f24c912107f1df2b4f6adc9ac747047e1c911a4f5319aa8966e532f1c

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1&resize=200%2C200 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 2734
last-modified: Sun, 12 Nov 2023 16:29:32 GMT
expires: Wed, 12 Nov 2025 04:29:32 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "3702322264174c55"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/dist/url.min.js

192.0.77.37

200 OK

9.6 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/url.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (11016), with no line terminators
Size
9.6 kB (9629 bytes)
Hash
1182019e3541cbb1ae0c57a02c77e3c2
03fce017e1ba2a5c745e57ab4a021af36c68a60a
93e8a741e2ef129ebe45332d38120ba5d425d50386c9c5e6df73e60d768756db

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Sep 2023 14:23:26 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

192.0.77.37

200 OK

8.2 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8365), with no line terminators
Size
8.2 kB (8171 bytes)
Hash
08e6714eaf3cfe8f3c7839f22d90ba4e
94fdad68854d0d3482b877aef7ba7c2eb265c621
e424039d5a737a1bda8a5ded60919e5067085729310762eebb09c20e07d249c8

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.2

200 OK

153 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.2:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint30:DF:10:0D:E2:AE:CA:7A:5E:20:03:00:80:D2:EB:DD:4D:3A:F3:10
ValidityMon, 16 Oct 2023 08:02:29 GMT - Mon, 08 Jan 2024 08:02:28 GMT

File type
ASCII text, with very long lines (3968)
Size
153 kB (152935 bytes)
Hash
1a986a9a8d9b515ce7247dc5db402885
018f7fee3520f92c0d4aa79b87476b154bd4199b
31d270b65d0e4352ba19ca7455bfb6cb213bd518ed0f7c5bc3b1d317f312d2b5

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Nov 2023 07:46:14 GMT
expires: Wed, 15 Nov 2023 07:46:14 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10271772397554648527
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52695
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7680 bytes)
Hash
83950dc98664645552ea6ea7040aec86
2d29be4d2a6c417bd446cf7852df0febf05b7e12
9c565808fa98fa2e0d1eb143a14723223019725fac90dedda99f405741f725f8

HTTP Headers

GET /images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 7680
last-modified: Mon, 13 Nov 2023 09:53:49 GMT
expires: Wed, 12 Nov 2025 21:53:49 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "49bf185e27c237a9"
vary: Accept
x-nc: HIT arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c

104.21.88.34

200 OK

37 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
37 kB (36667 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0; _ga_V5K7GYT3S4=GS1.1.1700034374.1.0.1700034374.0.0.0; _ga=GA1.1.1058960485.1700034374; _ga_HS5Y0K7QPG=GS1.1.1700034374.1.0.1700034374.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: text/css
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=36682
expires: max-age=A10368000, public
last-modified: Tue, 14 Nov 2023 03:58:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 28624
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TShOV5EJXl8iFiu6UGgNwnONpTi2FsWj5d9gLmgfw%2Ff9MPimFaId5B6W4PBrkC99%2Fddaj92yic2Gq4S%2BK4uB3M9bhUQa2sPHgDJUOMimFN6XWIE57hcpzH47NRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e1183943b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1

104.21.88.34

200 OK

181 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
181 B (181 bytes)
Hash
2b1417b2c8b1f76a0616ff553bf38296
d84080cdc7bd11cf7c56c306c42476c1d53e0554
0b94682b8ee56671ee8d7cd5c49de744ec21d7d5d036ce9d4007a8899037f418

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=399
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 28622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJ7QHf8L5JOk0rmAhnN3cVQKyqpw5c%2FnSaKW1CxA6IDeRTQOc7gjsUojDrhz2KOdqU1Dv3%2FJzsxo2A5AokJBFL04n7O45%2BwVaq17HR073yzJqCFHVx2%2FAdNGgWs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10609f4b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-262573192-2

142.250.74.168

200 OK

190 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (4179)
Size
190 kB (190055 bytes)
Hash
ea0b63a7d7dae6b7ba81a70918aa25f3
c1f36a565695d2e4484a3edac9fbd7d0f60e67dd
0e2e3083affbb1d7d5185ca8b76d8fe3c374c90e9d00ce746f6b3338bd23e256

HTTP Headers

GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 15 Nov 2023 07:46:13 GMT
expires: Wed, 15 Nov 2023 07:46:13 GMT
cache-control: private, max-age=900
last-modified: Wed, 15 Nov 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68658
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nukeluck.net/tag.min.js

139.45.197.243

200 OK

81 kB

URL GET HTTP/2
nukeluck.net/tag.min.js
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnukeluck.net
Fingerprint10:9E:8F:E3:6A:F8:48:21:94:4C:23:4D:4E:96:D5:07:46:36:8E:4F
ValiditySun, 08 Oct 2023 09:09:43 GMT - Sat, 06 Jan 2024 09:09:42 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (80825 bytes)
Hash
5abde0fc3b9699dc0a48fcdcf03f2880
03cfe23ab6807bb8bfc6e0fa14ef8107154febbb
c4e8315404a215de9334442d12b72ebe5d3efaa06a50178db327c1493fdae168

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: nukeluck.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: text/javascript; charset=utf-8
content-length: 25507
content-encoding: br
x-trace-id: 0d2a6f1d2458fe9cce2eba45f882b337
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 13 Nov 2023 09:21:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.4355804617655903

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.4355804617655903
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.4355804617655903 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js

104.21.88.34

200 OK

6.2 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6226), with no line terminators
Size
6.2 kB (6191 bytes)
Hash
321164d87fc8518009a6486a0090c547
b74dbdae6d36388be2631415b8024257c374a969
0bf8b102a09469a034a25023c219681a4c5e2eee57906832a56279cd41c96272

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=13696
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ht1%2BcXVStnwAPJ9XW7IuLmBzyw%2FJOcAPyXN3gPuOVfFbkPGt7YoguGCjRoaNHZ%2BgH115R6zuw5Egw0zBwQhEM5SA%2B9yowAHApKsui36vXB90rs9Nc3zuEww%2B%2Bm0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee1b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.32

104.21.88.34

200 OK

23 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.32
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
23 B (23 bytes)
Hash
e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.32 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 03:59:20 GMT
cf-cache-status: HIT
age: 28622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ElD819QhavjArYoqzgpKCgkZtq30UErUqTRiWw8U%2FFUjaQZfiAqzPmllx7eIPzggpfA4GP3U%2BJFJrUhkOpHnfCc%2F8RBcCbXCjsGtCjP3GHRJo%2FmgXySU8jAYZrI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10c8e68b505-OSL
alt-svc: h3=":443"; ma=86400

192.243.59.13

307 Temporary Redirect

3.5 kB

URL GET HTTP/1.1
tenderlywomblink.com/watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjecttenderlywomblink.com
Fingerprint63:B0:65:78:CF:23:17:27:6B:A3:F1:69:58:42:AB:29:22:50:52:DA
ValidityFri, 03 Nov 2023 10:31:57 GMT - Thu, 01 Feb 2024 10:31:56 GMT

File type

Size
3.5 kB (3492 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1 HTTP/1.1
Host: tenderlywomblink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 15 Nov 2023 07:46:14 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://tenderlywomblink.com/watch.1536299683936.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22pok%C3%A9mon%22%2C%22scarlet%22%2C%22switch%22%2C%22nsp%22%2C%22xci%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&tz=0&dev=e&res=14.2079&uuid=b06cf357-b568-439d-8b23-81ed3a606a25%3A2%3A1&shu=7f91c69806808485c9339ef625afd7272d11ca881d1f0926e2c352fd5193c1fe8cfd9c660d1478201dc4effb50c18e454a69e44e759d4145b2b9e41cb4dd8ed53627f726ba115870d8ee4fa43bfc5b419120791165662cb15face78d18b791&pst=1700034434&rmtc=t
Set-Cookie: u_pl=19067264; expires=Thu, 16 Nov 2023 07:46:14 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vcG9rZW1vbi1zY2FybGV0LXN3aXRjaC1uc3AteGNpLXYyMDEifX0.tI9SkPF-FxRvsF5p31NvmEZxnVotPBSlF3dbRtB9Li4; expires=Wed, 15 Nov 2023 07:47:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e417a7489e537108d843e8e8d732bac
Strict-Transport-Security: max-age=0; includeSubdomains

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1

104.21.88.34

200 OK

5.3 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (5375), with no line terminators
Size
5.3 kB (5332 bytes)
Hash
7c9f427c3cfca6c5eac34a30c424d274
a5c957de7d44541200b323faa367eacfe745ac45
e7732b32debdbb9716a65f31ecc426f0e704a8fdeedcb0049b3015a507d26aed

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=8005
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cDedscHycvY0BqlrHN%2FtV1S7g4Y9QNAlxgzSN%2FxVTrCVZsxSFTp6TWpQyvliR45eC0%2Bs0dTlC2hoWGFBSNQuBH24dxxduqki%2BPcLWOfxk7pjKp6Gr0w0%2FMAUII%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d0ec5b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1698869969/975fdc2d/39049203.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

8.3 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1698869969/975fdc2d/39049203.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.3 kB (8298 bytes)
Hash
51569663038f8f6353b9eaaea5b5036a
cd955cc0204b005b7aff88024bec7e5bfc4a60f9
b53ab91d292e06b360cd1692d2316fff980992fe0aede0d83776396febac4bd3

HTTP Headers

GET /images.vfl.ru/ii/1698869969/975fdc2d/39049203.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 8298
last-modified: Tue, 14 Nov 2023 14:41:22 GMT
expires: Fri, 14 Nov 2025 02:41:22 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1698869969/975fdc2d/39049203.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "629459c18a4b7cc9"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f

104.21.88.34

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
77 kB (77225 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0; _ga_V5K7GYT3S4=GS1.1.1700034374.1.0.1700034374.0.0.0; _ga=GA1.1.1058960485.1700034374; _ga_HS5Y0K7QPG=GS1.1.1700034374.1.0.1700034374.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=77230
expires: max-age=A10368000, public
last-modified: Tue, 14 Nov 2023 03:58:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 26800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pk17ZPnh%2BfO1ZnNF7gGtxh7TOasf%2FbW64GAreOca1fClye%2FX%2F1%2FRisBm6WzQsiZv6R791GzK1ND5NJBywpnwDYOuChgArhJdNbC12ek8AThBtny0a7oYNT2Mc7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e118393eb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nukeluck.net/?rb=Yp-nvXin9kOQqHEd8Jpsol3OkdrYBHXwxxVtLLuznOTQUyxAbM6EHP5TJ2R4XMMj4FpmLiKoAT1vWaNlX7ouPtt0a_qK0JMSBDnqTj8GZiGAt5VdPrlXr8y3AbWVQsrcZx1L-O-uPMajsdPh-c0tt504pxHCxZakCB4hFD3lBvL0kuEHkLhXj-X5CVmZKeiaudXqALZ6nWHJxtZkyrCvXg%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-1.627.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&drf=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.627.0&bs=8db5d7e0-6833-4aa5-93eb-1ce7002a03a9&userId=ee5374c82c19416db62a65edb55afa0b&m=link

139.45.197.243

200 OK

2.4 kB

URL GET HTTP/2
nukeluck.net/?rb=Yp-nvXin9kOQqHEd8Jpsol3OkdrYBHXwxxVtLLuznOTQUyxAbM6EHP5TJ2R4XMMj4FpmLiKoAT1vWaNlX7ouPtt0a_qK0JMSBDnqTj8GZiGAt5VdPrlXr8y3AbWVQsrcZx1L-O-uPMajsdPh-c0tt504pxHCxZakCB4hFD3lBvL0kuEHkLhXj-X5CVmZKeiaudXqALZ6nWHJxtZkyrCvXg%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-1.627.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&drf=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.627.0&bs=8db5d7e0-6833-4aa5-93eb-1ce7002a03a9&userId=ee5374c82c19416db62a65edb55afa0b&m=link
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnukeluck.net
Fingerprint10:9E:8F:E3:6A:F8:48:21:94:4C:23:4D:4E:96:D5:07:46:36:8E:4F
ValiditySun, 08 Oct 2023 09:09:43 GMT - Sat, 06 Jan 2024 09:09:42 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2419), with no line terminators
Size
2.4 kB (2389 bytes)
Hash
4e7f17cd1e7d2819250f3a739718a2f3
5853abcece1fdb38797f045d9b4029b102d41753
c56dbbe2acbf74ea5ea597d3fde7b56d41035d7cef1c3f797b2e32a04b8993e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=Yp-nvXin9kOQqHEd8Jpsol3OkdrYBHXwxxVtLLuznOTQUyxAbM6EHP5TJ2R4XMMj4FpmLiKoAT1vWaNlX7ouPtt0a_qK0JMSBDnqTj8GZiGAt5VdPrlXr8y3AbWVQsrcZx1L-O-uPMajsdPh-c0tt504pxHCxZakCB4hFD3lBvL0kuEHkLhXj-X5CVmZKeiaudXqALZ6nWHJxtZkyrCvXg%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-1.627.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201&drf=https%3A%2F%2Fnsw2u.com%2Fpokemon-scarlet-switch-nsp-xci-v201%3F__cf_chl_tk%3D3bfMvs9oQLJ5YXwC8wTDq2xN.48t4pS0OxSRMrYesvM-1700034367-0-gaNycGzNCvs&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.627.0&bs=8db5d7e0-6833-4aa5-93eb-1ce7002a03a9&userId=ee5374c82c19416db62a65edb55afa0b&m=link HTTP/1.1
Host: nukeluck.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=ee5374c82c19416db62a65edb55afa0b; oaidts=1700034374
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:15 GMT
content-type: application/json
x-trace-id: e7869f8d31ecc837761c5dff9c572191
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=ee5374c82c19416db62a65edb55afa0b; expires=Thu, 14 Nov 2024 07:46:14 GMT; path=/; secure; SameSite=None
oaidts=1700034374; expires=Thu, 14 Nov 2024 07:46:14 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 22 Nov 2023 07:46:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

4.2 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

HTTP Headers

GET /c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:11 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:11 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

14 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1682670498/e2628a74/38887693.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

12 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1682670498/e2628a74/38887693.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11548 bytes)
Hash
40ee351733ab49e6333c8cd8f9204f0e
5ea00d07554f9b5d5670eb20be3fe207a842a042
61a456ab20d2baa18d82a7e7347b91050f418e744e432bb1fe0060bf968d28ed

HTTP Headers

GET /images.vfl.ru/ii/1682670498/e2628a74/38887693.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: image/webp
content-length: 11548
last-modified: Tue, 14 Nov 2023 21:47:27 GMT
expires: Fri, 14 Nov 2025 09:47:27 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1682670498/e2628a74/38887693.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "007571011c4d7d0a"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js

104.21.88.34

200 OK

930 B

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (948), with no line terminators
Size
930 B (930 bytes)
Hash
92a0f658ade1a0adb0087647807c2aa8
f1c28b9fb810292e99af27d045ecae634c54a8fe
c182cae7a9f370f7e086216462defa30da23ad1edf872c2a8e7a9ccf291e8f56

HTTP Headers

GET /wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=1107
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 28593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I92GqOX%2F2GX6UqqhdpLVK0s0XQgpBamlcfoATtpQuT%2F6KgRXp6KT8Ci4sy5CgyBgRItCCxftQVbfl5KPhsQsLVJVtYpQDU7Vr7YZjkj8Pd1fdE6VbIZ7doWRVG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d5f0cb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

professionalswebcheck.com/stats

52.59.122.145

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
52.59.122.145:443
ASN
#16509 AMAZON-02

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ab2b19da22e5b18e2dcd6e912faad56c
68a6dc0f79991ea47565d38b8eec75ec60e73c8e
1117679811f695b7e1ec90736e7be0694e5f69832f95f80af08f47a29c447ce8

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b06cf357-b568-439d-8b23-81ed3a606a25:2:1; expires=Sat, 12 Nov 2033 07:46:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2

104.21.88.34

200 OK

78 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
78 kB (78255 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0; _ga_V5K7GYT3S4=GS1.1.1700034374.1.0.1700034374.0.0.0; _ga=GA1.1.1058960485.1700034374; _ga_HS5Y0K7QPG=GS1.1.1700034374.1.0.1700034374.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:14 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=78804
expires: max-age=A10368000, public
last-modified: Tue, 14 Nov 2023 03:58:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 27397
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAk1JFV3tFyiDleiQZ3qztZ7dP8YsxnRnyZDwCR8%2F5To4I%2FmlHi8gihF4N%2F%2FB6sM8qznn0PGOsm0g%2F8%2FFhr9poh51e6ASetrIjp7s0ZOg29PMoIG0N5CF5dOhzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e1183944b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.4.1/wp-includes/js/comment-reply.min.js

192.0.77.37

200 OK

3.0 kB

URL GET HTTP/2
c0.wp.com/c/6.4.1/wp-includes/js/comment-reply.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3056), with no line terminators
Size
3.0 kB (2981 bytes)
Hash
dc7f90d513295c29acc441fe114a2cab
ca9e5069d9afc4aa13ab2e152313dfb476e842ef
f87915c58d8c25473c726646b58d2fe0ba9a136987571e6c810aba3c67b4f74c

HTTP Headers

GET /c/6.4.1/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Thu, 14 Nov 2024 07:46:12 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

173.233.137.36

200 OK

30 kB

URL GET HTTP/1.1
definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
FingerprintFE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC
ValidityTue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT

File type
exported SGML document, ASCII text, with very long lines (29673), with no line terminators
Size
30 kB (29673 bytes)
Hash
d8226b47aeba60d17416f4b170df0486
942e11fc46b370d0ce1bb677ec9bef4ade45b715
6cb7da6837b238677eb7442c70d2ffc1fdf0cdf25d5f24e6154bf797156f2dd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 15 Nov 2023 07:46:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 36ba6756eb8f61a722ff22464a9d93e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.32

104.21.88.34

200 OK

110 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.32
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
110 B (110 bytes)
Hash
70cd599fb1a952f67216cc82829f9ada
74cfae7f053f69abf2dce9cb74c962a83b8ba8bf
1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.32 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Wed, 01 Nov 2023 03:59:20 GMT
cf-cache-status: HIT
age: 28622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3zeeZfWp%2BKs120LWxCQwKCl6NBhMHJop9nUY%2Be22lfCLDLFyFiuBAJoxUkkEzHsnvPGJlLwvW6YnLMd7eBOImUQzGA8tqf7Iq0dNWjI7etbTQ6I5qlBbZmgYME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8265e10cfeadb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=c4973b0b0a57b1114aa1

104.21.88.34

200 OK

7.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=c4973b0b0a57b1114aa1
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (7804), with no line terminators
Size
7.6 kB (7553 bytes)
Hash
ba01c26c159ae9a8ae89dcdaa65ef979
364c1e48bedde76da660ac88a5513fc12eb6b248
9f3c484b0961d939951092f12ab6a70232f29f0213e77bd2f8abea3d88296e2c

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=c4973b0b0a57b1114aa1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/pokemon-scarlet-switch-nsp-xci-v201
Cookie: cf_clearance=w8MTQKp2gPBCiVzltHJpFPJcQYeeGzikSM2HT_2TgDY-1700034367-0-1-69b0ef05.6b0d8b6b.438cce4a-160.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Nov 2023 07:46:12 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Tue, 14 Nov 2023 03:58:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 27398
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkLkmpHoxI%2B21KH%2BJqPZ5%2BVnYw5TfWA0FlfForU%2BIgLUurrTCv2CaaR5pNN1TgejvroayQXz9ocAFNsEd%2F1PDumaSI17B4Dfz5Ya1qMOAogehHheE2LYzflZqCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8265e10d2ee5b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (77)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP