| | 188.114.97.1 | 301 Moved Permanently | 0 B |
URL: User Request GET HTTP/2; IP: 188.114.97.1:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Oct 2023 08:01:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 21 Oct 2023 09:01:12 GMT
Location: https://www.nsw2u.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBP0YiuLYsoaI44h%2FuyBOyGs64hjfQZV25dwxbHPieGzEmlDbuBt2phx4SG5BeUl7r2GGXqgn7ygEhJJBZk9dJf4efoWmv86ZLYSFBT7WA4V5UkT6f8C%2FP%2FSmWNL7mz8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8197f8a76d180b31-OSL
alt-svc: h2=":443"; ma=60
|
|
| | 188.114.96.1 | 301 Moved Permanently | 16 kB |
URL: User Request GET HTTP/2; IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data; Hash: 134fce13c189ed0e483a1bddb6406204 eed559ac52e9731c56a1fb03eb94fc82e551bb66 723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791
GET / HTTP/1.1
Host: www.nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 21 Oct 2023 08:01:15 GMT
content-type: text/html; charset=UTF-8
location: https://nsw2u.com/
x-powered-by: PHP/7.4.20
x-redirect-by: WordPress
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mmp4R61WjY5ddkbUplLhdDBh8dkmbHXhKz4P96Ew1oWp88E5iLubDzQ6S2F1rHmpYwivK7BWG0AI9HM0yVxr4jizIFRreyLmMvfVxPFG%2B1w%2FnoqlrT9tGeOsr35loELs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f894ef48569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png | 172.67.150.79 | 200 OK | 95 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png; IP: 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data; Hash: 71a50dbba44c78128b221b7df7bb51f1 0ec63b140374ba704a58fa0c743cb357683313dd 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:12 GMT
cf-cache-status: HIT
age: 40789
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNlijq62CfsXIL6X1dwXCuiKFjDlkI62%2FUhHfTPQqQaHUefvo8elCvpmxh5nmiCR512%2F3BvgbBb58PnE9ypIAEMOvQgYmhrm02D7yd4LK8a%2FSVWh%2FLGuTdkxyLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bddb5a56bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 | 192.0.77.2 | 200 OK | 32 kB |
URL: GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: 3dde27351094fd110611b7099df7612d 1f8633afc647ab96114d9cd7b87b2e1bd9d73fae f7118208621987432e4309b2429b3ca26191166ec2b5b4dfab15204958f9de33
GET /images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 31608
last-modified: Sat, 25 Mar 2023 13:28:37 GMT
expires: Tue, 25 Mar 2025 01:28:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5948b74d64865dea"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1 | 192.0.77.2 | 200 OK | 44 kB |
URL: GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: 75c6cf85f705a0e0864e59824ab2c735 cab75b114fd4bfefe79a88008824f651801bd557 8e2a80cbd5c939e48360b46716bf1cd7598ad513f525a34ae9b2a3f549c0d18e
GET /images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 44016
last-modified: Mon, 02 Oct 2023 12:52:59 GMT
expires: Thu, 02 Oct 2025 00:52:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "88dd70ee97fb240b"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 | 192.0.77.2 | 200 OK | 2.8 kB |
URL: GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image\012- data; Hash: 948c6dc3d3c1e2e9d315418f6eabe2bf ed06ff1f0994f3be033f22d808241d3fcca9d1e8 3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b
GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1 | 192.0.77.2 | 200 OK | 10 kB |
URL: GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: 4194598bae0dc0733e8732ad557525c1 6c5be826efc0485a36d2e704bd55ca3356235c37 98b5857fef17bdee14fee745c166eff60e57d68b5419421f3e729a88701b29d5
GET /game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 10288
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f7ff9dbe7ff441fb"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1 | 192.0.77.2 | 200 OK | 12 kB |
URL: GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: be4a35999a33329ce02169058d41f5c1 580f63153a5937d92680337f3e1bac5ff8e02251 bf3bcbce1e4cdcb640b3bd5444e8fcb71e61bb4d54470bc8d0d2b10cd54ed939
GET /game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 11816
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6567df7edcc776bd"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1 | 192.0.77.2 | 200 OK | 13 kB |
URL: GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: 518a42734de4847b8e8afced91bc3690 92e38ccff041bf4d778d6bd7498794e31e397e28 fd61b63ed6182c7e773a661db675eb589eb5c857b52065ff00da50346fe2a7ae
GET /game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 13324
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e9a47ef70678dc8d"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1 | 192.0.77.2 | 200 OK | 42 kB |
URL: GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1; IP: 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data; Hash: d4928f7b25fded3f8d8a950e9d163f32 d3c246313c0b85eb96b9bea998baeb1c8da5a7c5 6590cb89e20fcfe488bf87db73a0a86d040513f68b0711e6456c0a0da091bce4
GET /images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 42380
last-modified: Tue, 10 Oct 2023 09:05:01 GMT
expires: Thu, 09 Oct 2025 21:05:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "1f81867bb8a4a38b"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 472 B |
IP: 142.250.74.131:0
Hash: d2f53b5d45c5c1e3e0ed129981832d95 56847aa5bc4806bc9b5125cf8871c1d47fdeda82 e23cb6948acde29d8e68e2d56eaa1d77d5bb0ef7eefb908854950b91cb17808e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css | 192.0.77.37 | 200 OK | 13 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css; IP: 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (53449); Hash: 03c0f2128c8dd615b1691c168f1d4456 defa44bed1f35ec899cfd358ca911390bca53e67 67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
GET /c/6.3.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 | 172.67.150.79 | 200 OK | 22 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31; IP: 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with no line terminators; Hash: 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40
GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BYva4JDNJYLYMz6gtVaK5gVYt16NuF7icm1Wme9lYT4LE6OB2otCBYrmuFO%2FEOvJOBkWDW54XsZ9eRcmRq%2F93WOKIe9wcrxnsL%2BxqRgITyqeRVXtMoH%2FCbFJJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c09d8556bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 | 172.67.150.79 | 200 OK | 23 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31; IP: 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with no line terminators; Hash: e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63
GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2GtYbUldl4Y9GqP6x8KYERuj%2FtZREQkv%2BEbAw6fCRMJpHYQoVWUGPZdA8hBDJ9cCsX84ZHz3P9Qf2NoFYAX0pa4TEcEXxbldmHRLDAvz0s0LcIDnRWCeP5DyKqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c09d8456bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css | 192.0.77.37 | 200 OK | 2.4 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css; IP: 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (11256), with no line terminators; Hash: 2b0dd7eecea03b4bdedb94ba622fdb03 703becba85161118dd6fc66af465428ef43f561c b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
GET /c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 | 104.17.24.14 | 200 OK | 3.2 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2; IP: 104.17.24.14:443
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (7862); Hash: 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b
GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-c4e"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4390506
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypLAx4XidPDCukkU%2BO%2F5KKKV%2Fx7ylJEKJylAj3u7MVO%2F5Xhu07LizNqVcZOpP2iZc6vzTNLjsxQ5JvwfpCa3lP3Yxr3b3uKQUb53R90Ay3wsBTwFWXwSGeVdIJOFQu0oTj8Xjvp9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1086c56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css | 192.0.77.37 | 200 OK | 2.2 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css; IP: 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (4186), with no line terminators; Hash: ea958276b7de454bd3c2873f0dc47e5f b143f6e8e8f79d8f104c26b0057ef5514d763219 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
GET /c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 | 104.17.24.14 | 200 OK | 677 B |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2; IP: 104.17.24.14:443
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1845); Hash: f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421
GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 662209
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuxoJsxeRArM0yESAnQ2EvtwGz%2BYjX6bti7i9HroPKw8xKd7PO0cxDpGPrD6ZQC3YbGeuMOHDkB1jNYiJIXfTohDkfJeJifNlYwzy7xn9e2UKWshmQhJlDU%2BJkfXwSjv%2BiTCgjX0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1288d56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 | 172.67.150.79 | 200 OK | 77 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0; IP: 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data; Hash: af7ae505a9eed503f8b8e6982036873e d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 40403
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP4UJb4Va7k39x%2Flb9bjYpx2XR6ddZbE9nr1afRjUIwxJOv6Tnm4Wi2ExTwgAAp2aphFbR4DWIfd6Zqa34MCibUeabimWU6sY%2FPWtNhB1NVsYkemL4gPSLnBLAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c1be3c56bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 | 172.67.150.79 | 200 OK | 3.8 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1; IP: 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: 87015559c535c9314bb1a8d6ed05597e b9e3b22a2bd7457d044551d5126a29bae25489a9 e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e
GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNTdRhUUBH7Y01kMHXvgE6k%2BciOIO8Uey2FcoX1vWrh%2BDHS3eHDlsc3J0jXU%2Fn1duj5kSHTRz2LHsJnBR0139q8wmGy1Tju8wHNOn3xuW7V23opDYDjTI99jpUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0cda656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 | 192.0.77.2 | 200 OK | 7.7 kB |
URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 IP 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash: 1f2664d6059193e6c1a59ee7ef14d1a0 46542860abd849426ea23d66c601ff0888d735db f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-262573192-2 | 142.250.74.168 | 200 OK | 69 kB |
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89; Validity Thu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type: ASCII text, with very long lines (4179) Hash: e270f689d0703e72b7a58a610ac88d56 22097bcb9127b879722784c05d62a11fe7fc798c 2cb09ac6f8d66e2e4413534a01b5859ee201afaea65826d0f4b5a7f59bd3a9d7
GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
last-modified: Sat, 21 Oct 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69231
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 | 172.67.150.79 | 200 OK | 3.6 kB |
URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 IP 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (7553), with no line terminators Hash: 70c183398322d73b50b8b4abece239a9 e79dec738456aa7882ffbaf481eb13849da7c227 969eb11be3a2271857373fe0e1424232f62f24ebc4cac8cd532c35d43634c046
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9aaTQ5AwQd1DN1kcCiL5IQfDGgXZm1kn8AFwnOLUf3qVX4%2B55ObAtYdrVXzhJV36DmNDyZRVzI0XRK2bxXl53RAerjTrhg%2FGGFPL8cl6JhVaj4gxAj5x3iXdqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdcc56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 | 192.0.77.2 | 200 OK | 2.6 kB |
URL GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 IP 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image\012- data Hash: 513677192f138c2aba3a3847c320f723 7ce5b67d80a2c2dedf8685b08547bcc8bf012f99 d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788
GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 | 192.0.77.2 | 200 OK | 374 B |
URL GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 IP 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image\012- data Hash: 43df8a9873aa31bb000672a677ac1640 4c1bcd8c3a797217d375df16b4bcab2d6a2763a3 d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d
GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.google-analytics.com/analytics.js | 142.250.74.110 | 200 OK | 21 kB |
URL GET HTTP/2 www.google-analytics.com/analytics.js IP 142.250.74.110:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89; Validity Thu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type: ASCII text, with very long lines (2343) Hash: 575b5480531da4d14e7453e2016fe0bc e5c5f3134fe29e60b591c87ea85951f0aea36ee1 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Sat, 21 Oct 2023 07:48:51 GMT
expires: Sat, 21 Oct 2023 09:48:51 GMT
cache-control: public, max-age=7200
age: 746
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 | 172.67.150.79 | 200 OK | 82 kB |
URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500
GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpVRSiySaa9JQ5ziwSvKVjmRZiTRY6sZzUtpRolpsh1qhhIAQVFV72P%2FgMCGZnLt4p7rHL8jNBgDq1ujPOKi3Y2ib49DSGZ%2B5NhEiklXJzApe%2BdqSjObgsY%2Bol4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdcb56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js | 172.67.150.79 | 200 OK | 78 kB |
URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js IP 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: HTML document text\012- HTML document, ASCII text, with very long lines (2729) Hash: 351390b839bf683126e78afb44004636 5631ca683d75c60eb3dba2bed734716accbe5426 f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0
GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bn1Zccocnm0b5dLarvofnEFjjnrb7fb5TVadfqHNVeqPOpXYbtRYzD1HzZTGLX1Esc5bDJztlT8vViWmTIC%2B%2FAWoGSrT4zRoTLUC99X47LKUN9BaXzWY4IbGttw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdd656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js | 173.233.137.44 | 200 OK | 11 kB |
URL GET HTTP/1.1 definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js IP 173.233.137.44:443
Certificate: Issuer Let's Encrypt; Subject definedbootnervous.com; Fingerprint FE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC; Validity Tue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT
File type: exported SGML document, ASCII text, with very long lines (29673), with no line terminators Hash: d87a182707920d7664c1ace9f12b53c1 1164f79c904bcd13669dbb0fe14ed1c8c941ff25 aaed11c14a669e672932b0d75843c883d05884f5a12a86084b85675d4f1f1fb2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea362c6438e42b9dec121918b9cbd0f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP 143.204.53.97:0
Hash: c67f0a14b1fe40836817578c61608b30 a682e3e1de5c638f0521db86638bc192a2bc2edc 44d745eea6b121b9ff2b85520fcbd410c9a77dea8f58263d374e061572403301
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 21 Oct 2023 08:01:18 GMT
Last-Modified: Sat, 21 Oct 2023 06:16:06 GMT
Server: ECAcc (amb/6AB2)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QKlQIdlvDLUDHbJoBf_FB5XNwzl1DHRUuxQmzQ5MPiA9naX278-rzQ==
Age: 6312
|
|
| pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859 | 192.0.76.3 | 200 OK | 50 B |
URL GET HTTP/2 pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859 IP 192.0.76.3:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: GIF image data, version 89a, 6 x 5\012- data Hash: e4d673a55c5656f19ef81563fb10884c 1f2d8ed221d39329251ad3a6ff1edb20b7219443 f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| | 172.67.150.79 | 200 OK | 0 B |
URL User Request GET HTTP/2 IP 172.67.150.79:443
Certificate: Issuer Let's Encrypt; Subject nsw2u.com; Fingerprint F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/html
last-modified: Fri, 20 Oct 2023 20:36:49 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sz50yPvsCZYkEHX2KBV3iQrNL6oEjNETgc29WBPqGfd6nIibuG4BI1Y9n%2BZPbto1XXj6VI0B8hj%2BimCA2EoULbarCT%2FMoTaMM2B0fRZ20YuV1jtv5%2B2AZkv03FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8ca9da856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| professionalswebcheck.com/stats | 35.157.243.66 | 200 OK | 40 B |
URL GET HTTP/2 professionalswebcheck.com/stats IP 35.157.243.66:443
Certificate: Issuer Amazon; Subject professionalswebcheck.com; Fingerprint 75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C; Validity Wed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type: ASCII text, with no line terminators Hash: 8a2ed8630319def421de06ba54e7efd8 c2a855fb801188a66eb1840ff8c46ff153806ddf 5d24c3f89d60ef9647ff95bed78c26d707d4b0fda4ee658f5b658c0e566d02e5
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8787e4ad-373a-416a-b5a3-9fd8a0395a58:3:1; expires=Tue, 18 Oct 2033 08:01:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 470 B |
IP 142.250.74.131:0
Hash: 9142cbcb95ede4fb11bec79d679d6044 13aa5fc30f8e08aa6d26044ef1138c1483c2cb61 764bd3e6e5e72e0c180472cbff2acbe4a0719beb2b32e4bbf037872b6f77d95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js | 192.0.77.37 | 200 OK | 31 kB |
URL GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js IP 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (16142), with no line terminators Hash: 94dfdbe80f36b3be63ce74ff1135b996 5e05077d99e736af42b2da70e428e7f7df556dd4 4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js | 192.0.77.37 | 200 OK | 53 kB |
URL GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js IP 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (6607), with no line terminators Hash: 9a4f28a615173df36cb84be2b345816e f709263841708d9e40268f24a0072ff4fe811b35 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
GET /c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 470 B |
IP 142.250.74.131:0
Hash: 9142cbcb95ede4fb11bec79d679d6044 13aa5fc30f8e08aa6d26044ef1138c1483c2cb61 764bd3e6e5e72e0c180472cbff2acbe4a0719beb2b32e4bbf037872b6f77d95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 | 192.0.77.2 | 200 OK | 7.7 kB |
URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 IP 192.0.77.2:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash: 1f2664d6059193e6c1a59ee7ef14d1a0 46542860abd849426ea23d66c601ff0888d735db f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2 my.rtmark.net/gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a IP 139.45.195.8:443
Certificate: Issuer Let's Encrypt; Subject rtmark.net; Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42; Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type: JSON data\012- , ASCII text Hash: 87d25646c27372f7475e9c2ce2d0dfd4 442f6c02db8c69aa7d3f68b197d44ab3517d568a 79d95bfed20b816cfda5c9af344644313fdf9824b79b7ae5ce80d69b340ee408
GET /gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js | 192.0.77.37 | 200 OK | 74 kB |
URL GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js IP 192.0.77.37:443
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
Hash: c2c4e2a562e06e1cb22293a5b920aca6 a7b5a369ac4883f1ee7fa701b238d20238b675ca 698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f
GET /c/6.3.2/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| images.vfl.ru/ii/1694604934/0d07e435/39009949.jpg | 78.24.223.39 | 200 OK | 57 kB |
URL GET HTTP/1.1 images.vfl.ru/ii/1694604934/0d07e435/39009949.jpg IP 78.24.223.39:443
Certificate: Issuer Google Trust Services LLC; Subject *.vfl.ru; Fingerprint D9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04; Validity Thu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data Hash: 1b3e32337bbde3922e0e9f72aa72002d 100b45332c71a4eb2e6c66d6de40bcc83f29c989 e67f85bbe57ff956ee312dda7de903700030b79bb4ef76d09c192a5da9a33751
GET /ii/1694604934/0d07e435/39009949.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 56936
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 13 Sep 2023 11:35:34 GMT
ETag: "65019e86-de68"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg | 78.24.223.39 | 200 OK | 67 kB |
URL GET HTTP/1.1images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg IP 78.24.223.39:443
CertificateIssuerGoogle Trust Services LLC Subject*.vfl.ru FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04 ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data Hash81eb51e7c3a0df2a962b5b00d61669ff 42c531b818a0bc7e01c602c8668f21065d8cd67d 9ee994cfc66772056b1ae42f4012412d4a9f49fc8250c2c22153e54caed7b965
GET /ii/1692466089/24d36bc8/38995517.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 66636
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:28:09 GMT
ETag: "64e0fba9-1044c"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg | 78.24.223.39 | 200 OK | 46 kB |
URL GET HTTP/1.1images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg IP 78.24.223.39:443
CertificateIssuerGoogle Trust Services LLC Subject*.vfl.ru FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04 ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data Hashd54f3e961e843224381b52420787300b b24ff4dd6ff0b3c210ac80ccec30d1612bfb2c70 230c8719f7ff0cd67d89b8c5052dcc864b6c7ebbb62bf2ec21228af727652049
GET /ii/1696499345/2d834ce4/39025715.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 45689
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 05 Oct 2023 09:49:05 GMT
ETag: "651e8691-b279"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f | 172.67.150.79 | 200 OK | 110 kB |
URL GET HTTP/3nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f IP 172.67.150.79:443
CertificateIssuerLet's Encrypt Subjectnsw2u.com FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File typeUnicode text, UTF-8 text, with very long lines (65453) Size110 kB (109998 bytes) Hash3c7e73dd02f57abb6fec8fadea6e35b0 dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8 d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gm18x3vQkjrgRCDfNZseCU2kNRj%2B1kom3Adjl0y%2BYBnMjewJWTgXqjkTKKTOYgiGQsBZPoJbdkNBFRuCXlHl2VmfPRXeRDrhJds9vY6ln%2FYVRHx5GRaQ4bnA2LI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaecf56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg | 78.24.223.39 | 200 OK | 62 kB |
URL GET HTTP/1.1images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg IP 78.24.223.39:443
CertificateIssuerGoogle Trust Services LLC Subject*.vfl.ru FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04 ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data Hashf5ca0775d6b4c6d61ccb84d080eab5b3 71044f9bb69af45e4f171cf7e7c0ff3c9bcdfb1f a968f61a9dcb9774217eee6c6298381b912ef95f00d273c551485c5d73930696
GET /ii/1692466506/8e093ade/38995519.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 61571
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:35:06 GMT
ETag: "64e0fd4a-f083"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| images.vfl.ru/ii/1696685701/62d0c090/39029484.jpg | 78.24.223.39 | 200 OK | 49 kB |
URL GET HTTP/1.1images.vfl.ru/ii/1696685701/62d0c090/39029484.jpg IP 78.24.223.39:443
CertificateIssuerGoogle Trust Services LLC Subject*.vfl.ru FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04 ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data Hash8e7b79d6c30061407ac3d34ea574df2d 7a12a067aeb0a418da610f83c212cd64a82260e5 d6e68fb9216f1e77d3f45bbf91163ed3a0a88f4fd58f28d743c60e12be18e471
GET /ii/1696685701/62d0c090/39029484.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 49174
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 07 Oct 2023 13:35:01 GMT
ETag: "65215e85-c016"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| images.vfl.ru/ii/1696713535/648489ee/39029634.jpg | 78.24.223.39 | 200 OK | 31 kB |
URL GET HTTP/1.1images.vfl.ru/ii/1696713535/648489ee/39029634.jpg IP 78.24.223.39:443
CertificateIssuerGoogle Trust Services LLC Subject*.vfl.ru FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04 ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 412x667, components 3\012- data Hasha415bdab5e6150241178552746fe5d71 3cb9afec132f0cf1a88e83abc0b77614ee20f5b6 8155cd0c598eeeb3df53fc23087d819333a91d25521f7f8401241b279e13bf35
GET /ii/1696713535/648489ee/39029634.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 31191
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 07 Oct 2023 21:18:55 GMT
ETag: "6521cb3f-79d7"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| doruffleton.com/5/3812660/?oo=1&aab=1 | 139.45.197.244 | 200 OK | 1.3 kB |
URL GET HTTP/2doruffleton.com/5/3812660/?oo=1&aab=1 IP 139.45.197.244:443
CertificateIssuerLet's Encrypt Subjectdoruffleton.com Fingerprint8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89 ValiditySat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT
File typeJSON data\012- , ASCII text, with very long lines (2756), with no line terminators Hash6bcf3a49a877ba1ee3ab6d85348f8cb6 1aafea5d458d6b5157c80eb5d67eae1ee689a687 694f9b2b838b53ea9ad919dd21a495c9a9c59165128de7d69d4c91c2a6adde29
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/json
x-trace-id: 65ba9348faae0c67a029b3a59bf5637e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:18 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1697875278; expires=Sun, 20 Oct 2024 08:01:18 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js | 192.243.61.227 | 200 OK | 24 kB |
URL GET HTTP/1.1overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js IP 192.243.61.227:443
ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectovercrummythrift.com FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8 ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT
File typeASCII text, with very long lines (60119) Hashd887ee21cc53720d63a4e09ce0fa4eeb b47652dfef4c396c54ea6d91c01c2b974096d3b9 f34d7e4d33660eb8ddc7b8926a0b8c2b1edb170cc5fd007ecf1a35abc352c0c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2814-3-layer=1; expires=Wed, 25 Oct 2023 08:01:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec6d1a31e03f46caa16565b45fc48004
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 | 192.0.77.2 | 200 OK | 7.7 kB |
URL GET HTTP/2i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 IP 192.0.77.2:443
CertificateIssuerSectigo Limited Subject*.wp.com Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37 ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash1f2664d6059193e6c1a59ee7ef14d1a0 46542860abd849426ea23d66c601ff0888d735db f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t | 192.243.61.227 | 200 OK | 2.1 kB |
URL GET HTTP/1.1overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t IP 192.243.61.227:443
ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectovercrummythrift.com FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8 ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT
File typeHTML document text\012- HTML document, ASCII text, with very long lines (2620) Hash099bfbf69434fe9733228bd0af866d0e 19a16d7ebda1b53385bd7dedd5850f7d4add9965 21e289affb9de9bba0512aea26bab55040dc531252e25aeebcfca26331811c9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vIn19.whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8787e4ad-373a-416a-b5a3-9fd8a0395a58:3:1; expires=Sat, 28 Oct 2023 08:01:19 GMT; secure; SameSite=None
Set-Cookie: iprc2c5aed9644f49cff663a17f89e5f3ad1=3570421; expires=Sat, 21 Oct 2023 12:01:19 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
Set-Cookie: pdhtkv32=true; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
Set-Cookie: uncs32=1; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 983bfbb0071039470f535c867d6a8df4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.pki.goog/s/gts1p5/KIQBreNUShI | 142.250.74.131 | | 472 B |
URL ocsp.pki.goog/s/gts1p5/KIQBreNUShI IP 142.250.74.131:0
Hashe3b79da79d90325b5601115cac9f5ba3 e162325b64244371d58d280f0c5aeca3a5373798 756076c006264f5e0096557de6907eed2bb82be64306ebd71d583623efe9010e
POST /s/gts1p5/KIQBreNUShI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:19 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| friendshipmale.com/sfp.js | 172.64.101.19 | 200 OK | 28 kB |
URL GET HTTP/2friendshipmale.com/sfp.js IP 172.64.101.19:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37 ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File typeUnicode text, UTF-8 text, with very long lines (65529), with no line terminators Hash2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d248770d99d0fbfc0164287da2ad09d0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 21 Oct 2023 08:01:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6Ne0h04tNgIvM757STjFXgS0RTj%2Fr6FK3mQaBQ1OALjf7OQ8guiSU2upGx63OERd5NeaYYWW%2BklT8JvjcuXHjhkvZX4c5zIP6G%2FHLKiLa8W2OTpKm%2BgX3aAeUUpuzEbcIlDa%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8d1b90c76c5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | 45.133.44.9 | 200 OK | 25 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg IP 45.133.44.9:443
ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42 ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT
File typeJPEG image data, baseline, precision 8, 320x50, components 3\012- data Hashd465d02b90e928dfd9d9846e102a9dac 22f7333777bec813bd9a7b870913a2b79b6d2fe4 e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Mon, 23 Oct 2023 08:01:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| absentlyrindbulk.com/pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70 | 173.233.137.36 | 200 OK | 0 B |
URL GET HTTP/1.1absentlyrindbulk.com/pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70 IP 173.233.137.36:443
CertificateIssuerLet's Encrypt Subjectabsentlyrindbulk.com Fingerprint8F:3F:22:D9:6F:90:66:4F:C4:25:34:80:FD:94:56:B4:A0:72:93:50 ValidityTue, 10 Oct 2023 08:40:27 GMT - Mon, 08 Jan 2024 08:40:26 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70 HTTP/1.1
Host: absentlyrindbulk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| banquetunarmedgrater.com/advertisers.js | 172.67.177.178 | 200 OK | 0 B |
URL GET HTTP/2banquetunarmedgrater.com/advertisers.js IP 172.67.177.178:443
CertificateIssuerGoogle Trust Services LLC Subjectbanquetunarmedgrater.com Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: ffb369917fd2446639f8ada2c3307380
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 21 Oct 2023 08:01:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8fmQuyHsOQJWE5fyf4OeeMn3q58OmbMprxSI%2Bs%2FTLnqCWtXo66l%2BLI3gWQPg3LTktd9CKbATMacp1GOrV1cjypXLMPfCa7VDn%2BMSGrZlbN6uDlHS7A2I%2BN9gxeMq1Q9y9xlYw0FB%2FTIw1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8d24e38b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/s/gts1p5/KIQBreNUShI | 142.250.74.131 | | 472 B |
URL ocsp.pki.goog/s/gts1p5/KIQBreNUShI IP 142.250.74.131:0
Hashe3b79da79d90325b5601115cac9f5ba3 e162325b64244371d58d280f0c5aeca3a5373798 756076c006264f5e0096557de6907eed2bb82be64306ebd71d583623efe9010e
POST /s/gts1p5/KIQBreNUShI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:19 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png | 172.67.150.79 | 200 OK | 16 kB |
URL GET HTTP/3nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png IP 172.67.150.79:443
CertificateIssuerLet's Encrypt Subjectnsw2u.com FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File typePNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data Hash134fce13c189ed0e483a1bddb6406204 eed559ac52e9731c56a1fb03eb94fc82e551bb66 723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791
GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 40789
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e5SfGIL%2ByaaKA%2FKwMIN6Uy0QG0D5IL1QO20K%2Fmm1Bn1FzeaBCXBht1FN08y0%2FvWX%2BxXFyHNb6Eyvk4TVYk6zFr5KIc935DypY9fVlAzW8QGgc%2BgRy2TQ882UvI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bdab4956bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 | 172.67.150.79 | 200 OK | 68 kB |
URL GET HTTP/3nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 IP 172.67.150.79:443
CertificateIssuerLet's Encrypt Subjectnsw2u.com FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9x0uIoi7JdOf6DaqbL%2BfT1StgXsXMMubbmQWL4XuLKQRAnE7fua%2BQY8ZUqf2z66O4kDJ4C%2FA%2BBt4RLpkhcZhbrrH3L%2Bkz67ozCXBtil2XBy7MDBkXdx%2FxjtRHiA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0bda156bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js | 172.67.150.79 | 200 OK | 124 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (32024); Size: 124 kB (123510 bytes); Hash: 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb
GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMryh1fPlFAJaIYUFrsepZXDpSnzLh1DRuTNW9vM%2BvntUXHAy0AUxGmkF%2Fpv72pufdOVOjULofqbDP3wBMmmMrBXwmFECZqpFXbUORZpu7zE2X9EVUuf7Nr27Jc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| doruffleton.com/?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link | 139.45.197.244 | 200 OK | 1.6 kB |
URL: GET HTTP/2 doruffleton.com/?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link IP: 139.45.197.244:443
Certificate Issuer: Let's Encrypt; Subject: doruffleton.com; Fingerprint: 8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89; Validity: Sat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1649), with no line terminators; Hash: 5ab6fb5308c1bf5cc8006f989b0cc23b 703934de4567363f3f67924e8862be9fbd85d1b4 2addb056219b2b8febb1370d55ee07838524f3ef487744b73d353b9d22afff22
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; oaidts=1697875278
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/json
x-trace-id: 3efa427ec1dfe7a017245ac44cd8c236
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:19 GMT; path=/; secure; SameSite=None
oaidts=1697875279; expires=Sun, 20 Oct 2024 08:01:19 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 28 Oct 2023 08:01:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js | 192.0.77.37 | 200 OK | 9.1 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js IP: 192.0.77.37:443
Certificate Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (10357), with no line terminators; Hash: 93d89333b0ea716b0dded414b6fd690e bea26f3b7bf556a03bf81259459154e5728de2cb acab68f8aa0636ce9058f6bf3d72d59dede88fb7111dd75532dcbd572ecb8722
GET /c/6.3.2/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 | 104.17.24.14 | 200 OK | 3.1 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 IP: 104.17.24.14:443
Certificate Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3166), with no line terminators; Hash: 268941a21977d78e5375571a621395be e31219f1b0ded9a8cc5834a977297006fedd2c07 b6e184987af8853a448d3300cecb87e5c9c91adcf6af8bde29199a9d94bc3cd7
GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 12396891
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOvqWGUBK9FIibm2rRQEWE8rjXHBntZ1DNqFREEIdX6p53b3Y2fdLB7llJ0sofsNzru4crreerMy0%2FCd2RnXKm30EHRup5v8CXlOWupRK9wkfRpPOWJqr23WoaS%2FvIXqKEiqE%2BkG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1288b56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js | 192.0.77.37 | 200 OK | 88 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js IP: 192.0.77.37:443
Certificate Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (65447); Hash: ff04dd1ef5c67998d8652330c0441689 5e6ff5bd5240181a8bdea983837f39ac231dac4d 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
GET /c/6.3.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 May 2023 11:33:35 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 | 172.67.150.79 | 200 OK | 36 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWmUThdrOOiS5Wrgyvv6m0nmcFQev5gdcgn34tzVwqN1o17JhOe0hS0%2BtBUYM1pd%2BrxIYjMWdqq8JZG94knUaWdmYB7HuS%2BL7%2Bpowtcvq160OQkoMQhURNPXh8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaed056bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1 | 172.67.150.79 | 200 OK | 399 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1 IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (423), with no line terminators; Hash: ed94fa94e236140899a07d0bb24f233d 8e7f16eda1a41233d4d0f19264382b6222959b6c 2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df
GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qP%2FIzMv2DYrBen0MVvOprdeXiymp35%2FTvwaCGaGA4TLptjJ4hJ%2Bvaz3QGdYNxlI1sna7uFujCzkJOacyB1Ak7JM1aPoMslzojglWlMeh%2BYNaVksVwj9rB9UkIOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bddb5856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 | 172.67.150.79 | 200 OK | 8.0 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (8246), with no line terminators; Hash: 95e8541b1c7d8d1c6d971b8a1254f05e a0a315f535cefee969c8f938ae9133beb051b51d 94d90d0cae68aae94246413284189ad0fd41bca226dcfc1d3394f25087df2ede
GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6pjXkED%2BZoIk5oN0nXftE9vp4eM%2BYe14mhMkSQmi%2F2GRYh82f9FQ0hQgNrgn0oEtbDF3Cizf58U0ApyiAhmfNMsk1HIVY1VmaQnOYcC%2FAQFSIuVDXPwIw3%2FvgY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| stats.wp.com/w.js?ver=202342 | 192.0.76.3 | 200 OK | 11 kB |
URL: GET HTTP/2 stats.wp.com/w.js?ver=202342 IP: 192.0.76.3:443
Certificate Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (10778), with no line terminators; Hash: f6c87bc49e7646c7ccda489b9defc829 9003fc52b4c4014b4bd9fe2f4506440b299478b2 e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860
GET /w.js?ver=202342 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/10813-1684464982349.1523
content-encoding: br
expires: Mon, 14 Oct 2024 22:59:47 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 229 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c IP: 142.250.74.168:443
Certificate Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89; Validity: Thu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type: ASCII text, with very long lines (5788); Size: 229 kB (228891 bytes); Hash: 8ae2b751a5e73fa3fbb58a72dff2881c f45721d161c83844258500fc27fb4242d20de1ed 66189b971bac09e032b95af5631af2503655647425fe9db9f0249093cbefe9e4
GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2 | 142.250.74.106 | 200 OK | 8.3 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2 IP: 142.250.74.106:443
Certificate Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C; Validity: Thu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type: ASCII text, with very long lines (8472), with no line terminators; Hash: 3f5613f7160c3b6638dbbe32b93f8e97 62d3566bc0e2a74456c2bebb6d280be511402791 5d5d0961816e9953501ec925709e8c23de9e3add0dd57ccbc3f4402a0f53207c
GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Oct 2023 08:01:16 GMT
date: Sat, 21 Oct 2023 08:01:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js | 172.67.150.79 | 200 OK | 6.2 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (6303), with no line terminators; Hash: f9853427f0beb8a283ac3cdabe910ad6 8fcd5776a89dbe61bde8c23df7abd40148d0a336 1d280a7d6bcd1ea74968f32131f53c6a7b39468f6d7f9a21543fef8525b405ca
GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XZvXZ4gMha%2F8UYqo3aoTSM58k7c0tulpRV0GpUdE989hOT%2BRmxtpFnWhYdFHLkgRQbgKRAP4v3K56QNG8LIgB3f7JCHIQRvDIi7SvdOlmPspEgtmdU1%2BRsEN3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c10dd856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js | 192.0.77.37 | 200 OK | 14 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js IP: 192.0.77.37:443
Certificate Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (13479); Hash: 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
GET /c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg | 78.24.223.39 | 200 OK | 71 kB |
URL: GET HTTP/1.1 images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg IP: 78.24.223.39:443
Certificate Issuer: Google Trust Services LLC; Subject: *.vfl.ru; Fingerprint: D9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04; Validity: Thu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data; Hash: c9578ce1b30a7957a4f58916181545c1 5edd16bdbdd4c4caacd7ba9408b15b01bbb765fe 881c108606af7bdf549477962370e9b2e17f1473a875354f37a09c634e34d492
GET /ii/1697025199/2d40d0fc/39033877.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 70673
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 11 Oct 2023 11:53:19 GMT
ETag: "65268caf-11411"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| images.vfl.ru/ii/1696606849/450212ed/39028293.jpg | 78.24.223.39 | 200 OK | 86 kB |
URL: GET HTTP/1.1 images.vfl.ru/ii/1696606849/450212ed/39028293.jpg IP: 78.24.223.39:443
Certificate Issuer: Google Trust Services LLC; Subject: *.vfl.ru; Fingerprint: D9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04; Validity: Thu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data; Hash: f31e59ed8b4014e8c240b752b138ca58 92fe10034473f9c1939631c2c50642bfa521bf0f 2e559285efef0bb13f7cb134710ea244f456a76074859562fff2cd86952aed87
GET /ii/1696606849/450212ed/39028293.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 85525
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Fri, 06 Oct 2023 15:40:49 GMT
ETag: "65202a81-14e15"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js | 192.0.77.37 | 200 OK | 4.6 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js IP: 192.0.77.37:443
Certificate Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (4704), with no line terminators; Hash: 414c8462f6209b4905f767c8ba5c787d a80b8b79908e6cdf11648f810e707a75c859cda3 007c3734a3f7737d74061ab5b96905dcb14ba1f88e7a6df55364b9d9573e3ce1
GET /c/6.3.2/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 172.67.150.79 | 200 OK | 12 kB |
URL: GET HTTP/3 nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (12331); Hash: 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
etag: W/"652d1f47-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XgWdCU4ec7GPTN71%2FyLDmSDNNYvAyPFnPdgHZ7P6pAAPtbLqKYOhnWIHxxKCC%2BfEuuuTcfKv6thNgAxKuHfj2%2Fys%2BYIDi3Doweb6W%2Fxs37f%2F1IJZxXMW0CxaZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bddb5b56bf-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 23 Oct 2023 08:01:16 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 | 172.67.150.79 | 200 OK | 880 B |
URL: GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP: 172.67.150.79:443
Certificate Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (965), with no line terminators; Hash: fa7fe6b99dd294598a44154cb2f424b7 78a909d97e5dfeffa1e1311e2c7ad8633d768960 9600c505b5d0d438a661c90d7b6ef5c6098024ff4e16e58a3577d5d0c837237f
GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DA8fxiB3oR0SPNJsP98Q76Pr6sBVRgyQKZjyYswK0LG991ncvZ8J7%2Bg8kvsI0wLuGBRGQcHUs4ylPrLhhOxHpNL7b8LwziVbkUlgc0xWE%2FkfRVpHf4rTe2IbUFs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edbb56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 215 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c; IP: 142.250.74.168:443
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89; Validity: Thu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type: ASCII text, with very long lines (4179); Size: 215 kB (214598 bytes); Hash: 3df08b577f9316760bce2839503a1ab6 0e31b3601310d0dbbb56a3d8ca63ece87bc86a92 cf738c56ad6b49abc628b69178c2872f3a2cba5f6a44a136855924cc1cbffd73
GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77353
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 | 172.67.150.79 | 200 OK | 79 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncPe9ApbNa4%2BmyTRDpWUsc2Cydsb88ltDAP7ip9SAVI%2BYSqzrA0jV9wdoKtT0D7NK1H0SPGfsoQ1FG7JvRRq%2BVZQ7Hyz4XNuBmTpG3mnW2D51SlFw9mjQPsFQBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaed256bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 | 172.67.150.79 | 200 OK | 21 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with no line terminators; Hash: 169a5dd1261e0d434162d1af68acbbcd c18d59ed069049b012a61a8e6b958bfb25bc1b71 82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38
GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:14 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBRH6Ve8%2Bo%2FKE3rrvgo13dS9kaeYEdmkQ7ulBlx1I7rsQO4jO1zOIpr%2Fls6r8ZRoLvgP5sCs8nbbLpmW3TD3bX97Tj6WWdTw4z15Mq813WmNINsPYx784RAcDE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c0ad8856bf-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 | 172.67.150.79 | 200 OK | 110 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with no line terminators; Hash: 70cd599fb1a952f67216cc82829f9ada 74cfae7f053f69abf2dce9cb74c962a83b8ba8bf 1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d
GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WnP%2FP1oeON83anCaivwbuzKP7RQQ7wEAGbq7tyx1%2Fgusm8CR6G82IFGqI6sGbt6FeQv5t%2F9Ew3gR7peEMCW4dRmnmBE%2BrvEXRUd3QHQITuEwZSn3cFJc6rhyZAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c0ad8956bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| doruffleton.com/tag.min.js | 139.45.197.244 | 200 OK | 81 kB |
URL: GET HTTP/2 doruffleton.com/tag.min.js; IP: 139.45.197.244:443
Certificate: Issuer: Let's Encrypt; Subject: doruffleton.com; Fingerprint: 8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89; Validity: Sat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT
File type: ASCII text, with very long lines (65536), with no line terminators; Hash: 2c433b3a7bd223a09d253bc43a4b0e1b 6b4d75928278e355515d83228c12b33a7054ec08 09f60ff073f52f912ab3522789cf0379dc3846f444566af619d2af5f1af459b8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/javascript; charset=utf-8
content-length: 25495
content-encoding: br
x-trace-id: 8992916997cece46d4b4f4d85394902b
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 20 Oct 2023 10:49:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css | 172.67.150.79 | 200 OK | 148 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Size: 148 kB (147784 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X899czGoxTnwzkZk%2F839ZNJ8sUC2uWxAelYcPSKWM991nn91Y0XWuAacx0GYxPxRh%2FNtYYkg6dzbfgq7abGK5npj6ed3nHW7wtkv6v0Etm7%2Fg9nVV6KX%2BSi6lmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bd4b0d56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js | 172.67.150.79 | 200 OK | 14 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash: 0e78b1db7d662e95ae8c3506146b080a 9f1675c87a306e4dd45f84d0b7ac484ae506245e 6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2
GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ja7C%2BSzsgUY6NeVbqVePAnhGFCAmZ47HxYpYvsTpZOa5as0%2BkbLpiS2TdR2vRf%2FewrVAsG%2FKbY5kSGdQOUxwusg79AXERk8lr6h0Y028J0%2FyX6rI%2BNYeww1HTq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edba56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js | 192.0.77.37 | 200 OK | 8.2 kB |
URL: GET HTTP/2 c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js; IP: 192.0.77.37:443
Certificate: Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type: ASCII text, with very long lines (8365), with no line terminators; Hash: 08e6714eaf3cfe8f3c7839f22d90ba4e 94fdad68854d0d3482b877aef7ba7c2eb265c621 e424039d5a737a1bda8a5ded60919e5067085729310762eebb09c20e07d249c8
GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 142.250.74.130 | 200 OK | 148 kB |
URL: GET HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js; IP: 142.250.74.130:443
Certificate: Issuer: Google Trust Services LLC; Subject: *.g.doubleclick.net; Fingerprint: A4:04:A4:CD:74:4A:5D:D5:E5:B7:37:26:D7:25:FC:00:CC:C5:4A:4F; Validity: Thu, 28 Sep 2023 05:26:19 GMT - Thu, 21 Dec 2023 05:26:18 GMT
File type: ASCII text, with very long lines (3968); Size: 148 kB (147522 bytes); Hash: a3312559d459e0e42277a4e01477657d 7c1d2efa8286295df4c8c2c7ea1922629d91e392 9c07e19d6062957e779c57f54d47fc9f11440053911faeb3883b771fe9f7393e
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:18 GMT
expires: Sat, 21 Oct 2023 08:01:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11389023952349986819
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css | 172.67.150.79 | 200 OK | 15 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (6817); Hash: 1fee9d9ba9d8cc17b88610f753052dd1 b8608a7bcb05bcca68814671bb114871f2c97f0e f50cc3d3d3714cc7aae738eb19b41f70b1eec94c290f8985af4dcd36dcfad0dd
GET /wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXtWewYZPirrF5onWRVo7hAw1hxJlz4ws6WOEdtrPDGJ5%2BwbyFM%2B7JIFWhM3fX%2FB%2Bl0%2BWQz%2BK%2BOJ3mTgvaa5o3O80xerRVv%2FuA0VhB1EAckPOdvf843jwHUlvj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bd3b0456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 | 172.67.150.79 | 200 OK | 701 B |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (727), with no line terminators; Hash: e8b1dbb3b1a9bc1b59010bd6f7035465 c9d0ec84d9184c72ea6335c67193d25a90e003af 18c991e1cdc15a5c427215cf20569d60a7aa9bc32f1f7a2382640782a6e5bfe7
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fveFNd%2FMzpYGqDo%2F9PnbEJQEYchyh7T3Zqli1annja6dhk4xqfwIRyaKiYfUgHgtn8RUJYE3VN0KQHKQg9mPKHa7Cahfsy1kxamM8P6YIyvRICGdi2tQhcvbBIM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdd456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| c0.wp.com/p/jetpack/12.7/css/jetpack.css | 192.0.77.37 | 200 OK | 101 kB |
URL: GET HTTP/2 c0.wp.com/p/jetpack/12.7/css/jetpack.css; IP: 192.0.77.37:443
Certificate: Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint: 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37; Validity: Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
Size: 101 kB (100602 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/jetpack/12.7/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 10 Oct 2023 19:16:20 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css | 172.67.150.79 | 200 OK | 8.1 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (8145), with no line terminators; Hash: 734068ce5268bc23a7506f3e9e9f5d41 acf53910826dc6702a5fb8f2bf6aab44b17f4886 2dd5b45b7df3d954548b70324f5730bf593bcdab6dac3632cc19ac119e8912a8
GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNYb2mFLQ3aAh0eILalX5KmMeyKB4zM6TGJMOs2Z8tUDrPmd1b1XPFPbHwyf69HQk%2BGeP3hhxxk8cz8jIER6nMNBFD%2BZuNnvwPbiLPgERUWV9ThlcQ9wODvmnjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bddb5956bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 | 172.67.150.79 | 200 OK | 4.6 kB |
URL: GET HTTP/3 nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2; IP: 172.67.150.79:443
Certificate: Issuer: Let's Encrypt; Subject: nsw2u.com; Fingerprint: F3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E; Validity: Sun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type: ASCII text, with very long lines (4857), with no line terminators; Hash: 3c05b4818fda400788cc5c2f60d87ea4 01e544e8461be8bb14a13fb8be13cc1e8259858e db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08
GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1q4bD8pQYWU8k7E%2FHXuoRpCk%2F6YYrnYzUrZQz2x5x68fYt0chu0qbvRNjFgf%2F1hWKlLa47LL6aj%2Fo%2FD6ibWLUXcOSPjZnXIpavwETad1DFSTjClpmfHNO5Gxrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb756bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1 | 192.243.61.227 | 307 Temporary Redirect | 3.5 kB |
URL: GET HTTP/1.1 overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1; IP: 192.243.61.227:443
ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer: Let's Encrypt; Subject: overcrummythrift.com; Fingerprint: C5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8; Validity: Tue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1 HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t
Set-Cookie: u_pl=19067264; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[...].whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4; expires=Sat, 21 Oct 2023 08:02:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42ab00a2c3caa9e0302b32bbf50ae1a5
Strict-Transport-Security: max-age=0; includeSubdomains
|
|