Report - www.nsw2u.com/

Report Overview

Submitted URL
www.nsw2u.com/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-10-21 08:01:31
Access
public
Website Title
nsw2u.com | Download Switch Roms eShop NSP XCI NSZ
Final URL
nsw2u.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-10-21	1.3 kB	514 kB	142.250.74.168
doruffleton.com	unknown	2023-02-08	2023-02-09	2023-10-18	1.9 kB	87 kB	139.45.197.244
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2023-10-21	443 B	25 kB	45.133.44.9
absentlyrindbulk.com	unknown	2023-10-10	2023-10-10	2023-10-20	484 B	467 B	173.233.137.36
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04	2023-10-20	409 B	845 B	172.67.177.178
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2023-10-21	449 B	148 kB	142.250.74.130
nsw2u.com	unknown	2020-12-05	2020-12-20	2023-10-15	14 kB	915 kB	172.67.150.79
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-10-20	1.7 kB	3.5 kB	142.250.74.131
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-10-20	1.4 kB	9.9 kB	104.17.24.14
www.google-analytics.com	40	2005-07-18	2012-10-03	2023-10-18	408 B	22 kB	142.250.74.110
definedbootnervous.com	unknown	2023-05-22	2023-05-22	2023-10-14	435 B	12 kB	173.233.137.44
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-10-20	453 B	738 B	139.45.195.8
www.nsw2u.com	unknown	2020-12-05	2022-09-25	2022-12-06	736 B	17 kB	188.114.97.1
i0.wp.com	3021	1997-03-28	2013-09-17	2023-10-20	5.8 kB	189 kB	192.0.77.2
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2023-10-21	340 B	942 B	143.204.53.97
images.vfl.ru	275945	2001-02-13	2012-10-04	2023-10-17	3.5 kB	470 kB	78.24.223.39
friendshipmale.com	unknown	2022-10-21	2022-10-21	2023-10-19	395 B	28 kB	172.64.101.19
c0.wp.com	6988	1997-03-28	2018-09-24	2023-10-20	5.3 kB	406 kB	192.0.77.37
pixel.wp.com	2545	1997-03-28	2017-01-30	2023-10-20	496 B	239 B	192.0.76.3
professionalswebcheck.com	unknown	2022-04-01	2022-04-02	2023-10-20	424 B	416 B	35.157.243.66
overcrummythrift.com	unknown	2023-10-10	2023-10-10	2023-10-20	3.0 kB	34 kB	192.243.61.227
stats.wp.com	2711	1997-03-28	2017-01-30	2023-10-20	400 B	11 kB	192.0.76.3
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-10-21	461 B	8.9 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-21	medium	definedbootnervous.com	Sinkholed
2023-10-21	medium	doruffleton.com	Sinkholed
2023-10-21	medium	overcrummythrift.com	Sinkholed
2023-10-21	medium	overcrummythrift.com	Sinkholed
2023-10-21	medium	absentlyrindbulk.com	Sinkholed
2023-10-21	medium	doruffleton.com	Sinkholed
2023-10-21	medium	doruffleton.com	Sinkholed
2023-10-21	medium	overcrummythrift.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (64)

	URL	Size	First Seen	Last Seen
	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188	701 B	2023-05-10	2024-07-27
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 12:45:08 Last Seen2024-07-27 00:06:18 Times Seen6225 Hash 328b8123661abdd5f4a0c695e7aa9dcc 4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0 27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2 Loading...

	unknown	70 B	2023-03-08	2024-07-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05:06 Last Seen2024-07-13 05:38:46 Times Seen105 Hash dab1184244d47ac25667c940eff90dfc 6cd473b92e1956bd305f0056a46f18b6a4dfd80f 071ab71aea40b26ed6bb74deeb4fb203bd381f3e418588089f4a46d36b3daa07 Loading...

	nsw2u.com/sandbox%20eval%20code	128 B	2023-05-06	2024-07-27
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-07-27 02:00:14 Times Seen23933 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1	8.0 kB	2023-03-29	2024-07-13
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:25:58 Last Seen2024-07-13 05:38:46 Times Seen103 Hash e65cb4d4cd399c1b09798edfcea1b41e 49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2 d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31	110 B	2023-03-08	2024-07-02
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-07-02 00:15:36 Times Seen60 Hash b7d8aab20ec0137a23e4ff03411bd06c bd7e901bbf5968d13abb3dee762244715541bdfe 651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448 Loading...

	unknown	187 B	2023-10-15	2023-11-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59:56 Last Seen2023-11-15 08:46:30 Times Seen10 Hash 91f51021b7facfc276086d27fa65c473 26171fc83df06a093b5760bb0ea2b78f9aacefee e67e7ca5672b9d50d3020a0ea25054f83a552dc00c9377e164bcc9bf34463fdf Loading...

	unknown	90 B	2023-05-25	2024-07-02
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-25 07:37:48 Last Seen2024-07-02 00:15:36 Times Seen52 Hash 08fde8ea209fc5fc4fdb2a9c614edaf8 7b54ed7f80a3c3187c406e0c3d9ad247516a05fa ec939e7c2a87ddbb495dbe67a38c2291826a37c7c00e03f22ba7fb05d290349a Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js	9.4 kB	2023-08-08	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25:56 Last Seen2024-07-27 01:39:05 Times Seen19647 Hash c2c4e2a562e06e1cb22293a5b920aca6 a7b5a369ac4883f1ee7fa701b238d20238b675ca 698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2	7.9 kB	2023-03-07	2024-07-27
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-07-27 01:56:10 Times Seen4288 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

	unknown	145 B	2023-05-11	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42:32 Last Seen2024-07-02 00:15:36 Times Seen25 Hash a23ba5b3c2d71c61ef5b40a4b5d84a17 8732a5e5f3d3bd88ddedb1cd24c2d17363e019d0 c2ec440a15201b83bbb8914f9e52de7f4455e44a992f6ab761b5bd62f3a1045b Loading...

	unknown	3.3 kB	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 1b96b3f3baf250de04ee27395c0ecd27 2b5763dbc74be334d7cc03df730d60c8ebdb316f aadb72e56777043ffd5978babd496ef438793550f9054f510076609d4c615221 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js	6.2 kB	2023-09-23	2023-10-29
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46:34 Last Seen2023-10-29 19:39:38 Times Seen10 Hash 38fca9e0ca205130e3dddbdcda3b4a85 2c0ac19235a88fb361aff39bc0922e4b946c2c5e 43c8d614ba6e97fd9ee9dcf0ae49334ed5d601403ffe8551a74e1a9faf70efaa Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js	2.8 kB	2023-06-26	2023-10-29
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 20:11:26 Last Seen2023-10-29 19:39:38 Times Seen13 Hash 351390b839bf683126e78afb44004636 5631ca683d75c60eb3dba2bed734716accbe5426 f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-07-27
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-07-27 04:04:32 Times Seen384357 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	134 B	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 9cf40a03ca9032ffd8a53cc30b4ab81f d33fecf8ea7ce23a3a4a846f46b30e0a660abbf8 65aeb663deba1f501bc69edbf6be282e3e7a58129018ffde5ded71663f1131b9 Loading...

	unknown	68 B	2023-03-07	2024-07-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-07-27 03:56:15 Times Seen25169 Hash d30f13da1f424ee0383b76edc55881e1 7e348a5f57ab13eedbc4ed917cdeee5bb9f9bd46 cf01a621447e67a81629bc28276677c86c48fd72c44cba83a82448574aadfd60 Loading...

	stats.wp.com/w.js?ver=202342	11 kB	2023-05-15	2024-05-20
Pretty URL stats.wp.com/w.js?ver=202342 IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 15:42:40 Last Seen2024-05-20 18:55:22 Times Seen3950 Hash f6c87bc49e7646c7ccda489b9defc829 9003fc52b4c4014b4bd9fe2f4506440b299478b2 e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206	2.3 kB	2023-03-07	2024-07-13
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:41 Last Seen2024-07-13 18:44:55 Times Seen350 Hash c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500 Loading...

	unknown	53 B	2023-03-12	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01:59 Last Seen2024-07-02 00:15:36 Times Seen29 Hash d3ead7e34b8fbb76cb63a9a39943859e 63fd3f10bd402ea5cc976e7bb1a45094edc3c9b7 9e66e7b215400aaa09d635b39effef5986bfb2e86a789c6fd4b8b36ffa52ba09 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-07-27
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-07-27 02:00:14 Times Seen23778 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js	14 kB	2023-05-09	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21:05 Last Seen2024-07-27 03:56:16 Times Seen111326 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1	3.9 kB	2023-03-29	2024-02-26
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:02:17 Last Seen2024-02-26 05:33:40 Times Seen141 Hash 87015559c535c9314bb1a8d6ed05597e b9e3b22a2bd7457d044551d5126a29bae25489a9 e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e Loading...

	doruffleton.com/tag.min.js	81 kB	2023-10-20	2023-10-24
Pretty URL doruffleton.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-20 12:59:20 Last Seen2023-10-24 20:11:50 Times Seen291 Hash 2c433b3a7bd223a09d253bc43a4b0e1b 6b4d75928278e355515d83228c12b33a7054ec08 09f60ff073f52f912ab3522789cf0379dc3846f444566af619d2af5f1af459b8 Loading...

	www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c	215 kB	2023-10-21	2023-10-21
Pretty URL www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:35 Times Seen2 Hash 3df08b577f9316760bce2839503a1ab6 0e31b3601310d0dbbb56a3d8ca63ece87bc86a92 cf738c56ad6b49abc628b69178c2872f3a2cba5f6a44a136855924cc1cbffd73 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2	1.9 kB	2023-03-07	2024-07-27
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:49 Last Seen2024-07-27 01:56:10 Times Seen5688 Hash f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js	6.6 kB	2023-03-14	2024-07-26
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:30:15 Last Seen2024-07-26 17:59:10 Times Seen38631 Hash 9a4f28a615173df36cb84be2b345816e f709263841708d9e40268f24a0072ff4fe811b35 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6 Loading...

	unknown	327 B	2023-06-05	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2024-07-02 00:15:36 Times Seen25 Hash 0a55a8928cbca5bfac5a66c1723452e6 9f786632275f60fbb585193fa762b0dc5e711a51 7528db72a98a32805f731cc62e8a47bf9218f6e7d02183d9c77e73868e8884a0 Loading...

	nsw2u.com/sandbox%20eval%20code	147 B	2023-04-11	2024-07-27
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-07-27 04:04:32 Times Seen385008 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	116 B	2023-03-12	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01:59 Last Seen2024-07-02 00:15:36 Times Seen29 Hash 4733472fadbcf993b031e917e8c1a8bb 25a0a1bbaaefc39004ab2d28cfa0291c2920c8d3 2d901063b6ea17df1dac8e5cdcdecd6359fe0c8613a456bfc1f3b15b03dd5143 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-07-27
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.67.177.178 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 04:22:54 Times Seen41185128 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	294 B	2023-05-11	2023-10-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42:32 Last Seen2023-10-30 14:42:44 Times Seen20 Hash f73754c10536a2e729f6d06f9e7f191f f69f394a68fcebecbce2ada0f6f8a91ffc077790 06dc51e59503bfca6c59b6050f0dba624b14358f3644d81a3f6605f6586151f6 Loading...

	unknown	1.4 kB	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 86700c0e2662a8f57091453a874eecb6 fead3e1cc70babadc70973835289f17a7ad27f29 cb2f6663aaf8c48f2550769366eaad8a8d8fc60500de52e0b0221454ef49bd00 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2	4.6 kB	2023-03-07	2024-07-17
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:29 Last Seen2024-07-17 10:57:37 Times Seen923 Hash 3940eede2b6841663dddd9e946dec11e ccb59e18338a06a5f0168be0bd1677710f6d7bd4 b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js	4.6 kB	2023-08-08	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25:56 Last Seen2024-07-27 01:39:05 Times Seen21374 Hash 7bd48eb3bd568033e96caf0fb62e6690 b38066999294b99d92d95db5f38bc15707eb1f22 7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596 Loading...

	www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c	229 kB	2023-10-21	2023-10-21
Pretty URL www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:35 Times Seen2 Hash 8ae2b751a5e73fa3fbb58a72dff2881c f45721d161c83844258500fc27fb4242d20de1ed 66189b971bac09e032b95af5631af2503655647425fe9db9f0249093cbefe9e4 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115	880 B	2023-03-07	2024-07-18
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25:13 Last Seen2024-07-18 12:00:16 Times Seen202 Hash 88744222f59f4700c6bc9212e12a653c df0bf43d60bed605eabbcb2776e0fbb46f1d1c05 4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js	124 kB	2023-03-07	2024-07-02
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:57 Last Seen2024-07-02 09:04:02 Times Seen168 Hash 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428	79 kB	2023-09-22	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36:34 Last Seen2023-11-28 22:45:16 Times Seen32 Hash 492b6d5195d2fbd9e612a20a9bd1a009 abd6a079460dc394397df83a9ea641ee03884c58 937ba827d294056f81fcab0e37e5769ca968072be205dcd7125fb61e5a7cdac9 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js	8.2 kB	2023-03-13	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:32:06 Last Seen2024-07-27 03:56:16 Times Seen61189 Hash dda652db133fddb9b80a05c6d1b5c540 60c8514c57a5db2980c4b046b0dd479bd427357b c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4 Loading...

	definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js	30 kB	2023-10-21	2023-10-21
Pretty URL definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js IP 173.233.137.44 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:35 Times Seen2 Hash d87a182707920d7664c1ace9f12b53c1 1164f79c904bcd13669dbb0fe14ed1c8c941ff25 aaed11c14a669e672932b0d75843c883d05884f5a12a86084b85675d4f1f1fb2 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307	7.6 kB	2023-09-23	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46:34 Last Seen2023-11-28 22:45:16 Times Seen41 Hash 70c183398322d73b50b8b4abece239a9 e79dec738456aa7882ffbaf481eb13849da7c227 969eb11be3a2271857373fe0e1424232f62f24ebc4cac8cd532c35d43634c046 Loading...

	overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js	60 kB	2023-10-21	2023-10-21
Pretty URL overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:35 Times Seen2 Hash d887ee21cc53720d63a4e09ce0fa4eeb b47652dfef4c396c54ea6d91c01c2b974096d3b9 f34d7e4d33660eb8ddc7b8926a0b8c2b1edb170cc5fd007ecf1a35abc352c0c2 Loading...

	www.googletagmanager.com/gtag/js?id=UA-262573192-2	191 kB	2023-10-21	2023-10-21
Pretty URL www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:35 Times Seen2 Hash e270f689d0703e72b7a58a610ac88d56 22097bcb9127b879722784c05d62a11fe7fc798c 2cb09ac6f8d66e2e4413534a01b5859ee201afaea65826d0f4b5a7f59bd3a9d7 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js	14 kB	2023-03-08	2024-07-13
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:39:55 Last Seen2024-07-13 05:38:47 Times Seen118 Hash 0e78b1db7d662e95ae8c3506146b080a 9f1675c87a306e4dd45f84d0b7ac484ae506245e 6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2 Loading...

	unknown	244 B	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash f25c19a5de98a9d437a64f3ab177c9f9 fa9b7e79ebfd6aafbada1ec30c8cfe15b92d2ce5 f5fc4d722db65a21f35c6af539eb92abb95220bc3d5f9192db41dfb0f3c83d1d Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2	68 kB	2023-03-13	2024-07-22
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:31:51 Last Seen2024-07-22 22:19:25 Times Seen253 Hash 51480f0afb0a30743ae59a3455633c75 2b46f094cb87015fa342da2bf1767413ec5c92b5 108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f	77 kB	2023-09-22	2024-01-17
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36:34 Last Seen2024-01-17 09:00:22 Times Seen65 Hash 3c7e73dd02f57abb6fec8fadea6e35b0 dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8 d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019 Loading...

	unknown	59 kB	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 88b76a9d0b695baedac86e3d6d5c9d5f e5a4e4f4f20e0aa25e47568b332e5822dc76c057 589f3d490ae85cc5d4de6b11fe8e13d8b9394e6a72763089e0bf26374e6b5bc1 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2	3.1 kB	2023-03-07	2024-07-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:25 Last Seen2024-07-24 19:44:02 Times Seen558 Hash 94279a9a0c4060a96efcf1da47716f86 ea88b3fd8b01a8b86edfd0f4120cc9a834893018 d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31	22 B	2023-03-08	2024-07-02
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-07-02 00:15:39 Times Seen81 Hash 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40 Loading...

	friendshipmale.com/sfp.js	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 172.64.101.19 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30:49 Last Seen2023-11-23 01:47:35 Times Seen11542 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-07-27
Pretty URL nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-07-27 03:41:27 Times Seen49992 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js	88 kB	2023-06-13	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-13 23:41:38 Last Seen2024-07-27 01:39:07 Times Seen48546 Hash ff04dd1ef5c67998d8652330c0441689 5e6ff5bd5240181a8bdea983837f39ac231dac4d 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164 Loading...

	unknown	3.4 kB	2023-08-13	2023-10-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23:46 Last Seen2023-10-30 14:42:44 Times Seen12 Hash 56707025a82573f275588f90b350d3ad f13b7c18e940908856144a8a4783f01984c5c4a7 163e5c7829763a6443786bf0b88bdf7756c6500d6394ecd344a02dd9ba947d27 Loading...

	unknown	451 B	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash d6f26fa42bcf49dfb16b9c1896a070e6 69e50efc31612bcb03b59e513ad1cf161fa8aa7e 7014bfa3f7d18903dff1b01314fcdfe38cb40efd212f66617c3b5a281ba983fb Loading...

	unknown	82 kB	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 3901e66cc9367bbf9ee2b6c84212765e fc365605350b724e7dcb0559da6f49d12e2acc97 9a4bae87c9792eb4954318266de71530aa358ec3db4662213337a6ee887ef632 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31	23 B	2023-03-08	2024-07-02
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-07-02 00:15:39 Times Seen79 Hash e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63 Loading...

	unknown	26 kB	2023-10-21	2023-10-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 6bcb003af2e9006764277b17c7903942 d1b2b56f207eb3ad07df4ab73e8ab70f5ea129e1 cd12ce85c9966197aef71bd73573b0bc02a40c7e593ffe8b5f1cc7ad027c8c8b Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js	9.1 kB	2023-08-08	2024-07-17
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:54:07 Last Seen2024-07-17 10:57:35 Times Seen1001 Hash 16e2e46b37590d0f0b095e0dc1aaaf87 11fd26f35df888a81534699194516b5178c217a4 68355abe687cffeeefe36bc69855523ab4745d0e753f7417138f9a41259cce71 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31	21 B	2023-08-13	2024-07-02
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 IP 172.67.150.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23:46 Last Seen2024-07-02 00:15:38 Times Seen48 Hash 169a5dd1261e0d434162d1af68acbbcd c18d59ed069049b012a61a8e6b958bfb25bc1b71 82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js	16 kB	2023-07-22	2024-07-27
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 18:30:44 Last Seen2024-07-27 01:39:05 Times Seen14160 Hash 94dfdbe80f36b3be63ce74ff1135b996 5e05077d99e736af42b2da70e428e7f7df556dd4 4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032 Loading...

	unknown	79 B	2023-03-07	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:29 Last Seen2024-07-23 23:57:38 Times Seen742 Hash ab1b0ef42311479d7559bffd29ef8d7d ba1509057a5f82563a2b55a7379f4825fe35bcab 37bf8b4db5288941c20c28fd7c0b201d2270201a94739d64462744ffe6b52f79 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 75b0ebe5e06ae86f2546efa005619751	2.1 kB	2023-10-21	2023-10-21
Pretty Observations First Seen2023-10-21 10:01:34 Last Seen2023-10-21 10:01:34 Times Seen1 Hash 75b0ebe5e06ae86f2546efa005619751 4932c3d71e1f9d0d7a34bcbd9401d32a321baf80 2f12e6eb6a8be9021960f6fab1259286e0924021db24775ae0af121547f5a117 Loading...

	#2 Eval - 6d229e5c81f7934ab64a8bbeed0df2fa	6.3 kB	2023-10-21	2023-10-21
Pretty Observations First Seen2023-10-21 10:01:35 Last Seen2023-10-21 10:01:35 Times Seen1 Hash 6d229e5c81f7934ab64a8bbeed0df2fa f3904dae9e58e4e31e309c19fe21a5534da94fb1 60af7589fbf31ba3b67dc4804f4e331afe069f4463ef0bd11fd588a9a52ce0f4 Loading...

HTTP Transactions (92)

URL IP Response Size

www.nsw2u.com/

188.114.97.1

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.nsw2u.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Oct 2023 08:01:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 21 Oct 2023 09:01:12 GMT
Location: https://www.nsw2u.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBP0YiuLYsoaI44h%2FuyBOyGs64hjfQZV25dwxbHPieGzEmlDbuBt2phx4SG5BeUl7r2GGXqgn7ygEhJJBZk9dJf4efoWmv86ZLYSFBT7WA4V5UkT6f8C%2FP%2FSmWNL7mz8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8197f8a76d180b31-OSL
alt-svc: h2=":443"; ma=60

www.nsw2u.com/

188.114.96.1

301 Moved Permanently

16 kB

URL User Request GET HTTP/2
www.nsw2u.com/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET / HTTP/1.1
Host: www.nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 21 Oct 2023 08:01:15 GMT
content-type: text/html; charset=UTF-8
location: https://nsw2u.com/
x-powered-by: PHP/7.4.20
x-redirect-by: WordPress
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mmp4R61WjY5ddkbUplLhdDBh8dkmbHXhKz4P96Ew1oWp88E5iLubDzQ6S2F1rHmpYwivK7BWG0AI9HM0yVxr4jizIFRreyLmMvfVxPFG%2B1w%2FnoqlrT9tGeOsr35loELs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f894ef48569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png

172.67.150.79

200 OK

95 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:12 GMT
cf-cache-status: HIT
age: 40789
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNlijq62CfsXIL6X1dwXCuiKFjDlkI62%2FUhHfTPQqQaHUefvo8elCvpmxh5nmiCR512%2F3BvgbBb58PnE9ypIAEMOvQgYmhrm02D7yd4LK8a%2FSVWh%2FLGuTdkxyLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bddb5a56bf-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1

192.0.77.2

200 OK

32 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31608 bytes)
Hash
3dde27351094fd110611b7099df7612d
1f8633afc647ab96114d9cd7b87b2e1bd9d73fae
f7118208621987432e4309b2429b3ca26191166ec2b5b4dfab15204958f9de33

HTTP Headers

GET /images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 31608
last-modified: Sat, 25 Mar 2023 13:28:37 GMT
expires: Tue, 25 Mar 2025 01:28:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5948b74d64865dea"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1

192.0.77.2

200 OK

44 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (44016 bytes)
Hash
75c6cf85f705a0e0864e59824ab2c735
cab75b114fd4bfefe79a88008824f651801bd557
8e2a80cbd5c939e48360b46716bf1cd7598ad513f525a34ae9b2a3f549c0d18e

HTTP Headers

GET /images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 44016
last-modified: Mon, 02 Oct 2023 12:52:59 GMT
expires: Thu, 02 Oct 2025 00:52:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "88dd70ee97fb240b"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2836 bytes)
Hash
948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1

192.0.77.2

200 OK

10 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10288 bytes)
Hash
4194598bae0dc0733e8732ad557525c1
6c5be826efc0485a36d2e704bd55ca3356235c37
98b5857fef17bdee14fee745c166eff60e57d68b5419421f3e729a88701b29d5

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 10288
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/09/An-Ankou-v0222d-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f7ff9dbe7ff441fb"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1

192.0.77.2

200 OK

12 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11816 bytes)
Hash
be4a35999a33329ce02169058d41f5c1
580f63153a5937d92680337f3e1bac5ff8e02251
bf3bcbce1e4cdcb640b3bd5444e8fcb71e61bb4d54470bc8d0d2b10cd54ed939

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 11816
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Block-Story-v1320-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6567df7edcc776bd"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1

192.0.77.2

200 OK

13 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (13324 bytes)
Hash
518a42734de4847b8e8afced91bc3690
92e38ccff041bf4d778d6bd7498794e31e397e28
fd61b63ed6182c7e773a661db675eb589eb5c857b52065ff00da50346fe2a7ae

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 13324
last-modified: Wed, 18 Oct 2023 11:59:51 GMT
expires: Fri, 17 Oct 2025 23:59:51 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Nomad-Survival-Build-12453970-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e9a47ef70678dc8d"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1

192.0.77.2

200 OK

42 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (42380 bytes)
Hash
d4928f7b25fded3f8d8a950e9d163f32
d3c246313c0b85eb96b9bea998baeb1c8da5a7c5
6590cb89e20fcfe488bf87db73a0a86d040513f68b0711e6456c0a0da091bce4

HTTP Headers

GET /images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/webp
content-length: 42380
last-modified: Tue, 10 Oct 2023 09:05:01 GMT
expires: Thu, 09 Oct 2025 21:05:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "1f81867bb8a4a38b"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d2f53b5d45c5c1e3e0ed129981832d95
56847aa5bc4806bc9b5125cf8871c1d47fdeda82
e23cb6948acde29d8e68e2d56eaa1d77d5bb0ef7eefb908854950b91cb17808e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css

192.0.77.37

200 OK

13 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (53449)
Size
13 kB (13294 bytes)
Hash
03c0f2128c8dd615b1691c168f1d4456
defa44bed1f35ec899cfd358ca911390bca53e67
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

HTTP Headers

GET /c/6.3.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31

172.67.150.79

200 OK

22 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BYva4JDNJYLYMz6gtVaK5gVYt16NuF7icm1Wme9lYT4LE6OB2otCBYrmuFO%2FEOvJOBkWDW54XsZ9eRcmRq%2F93WOKIe9wcrxnsL%2BxqRgITyqeRVXtMoH%2FCbFJJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c09d8556bf-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31

172.67.150.79

200 OK

23 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
23 B (23 bytes)
Hash
e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2GtYbUldl4Y9GqP6x8KYERuj%2FtZREQkv%2BEbAw6fCRMJpHYQoVWUGPZdA8hBDJ9cCsX84ZHz3P9Qf2NoFYAX0pa4TEcEXxbldmHRLDAvz0s0LcIDnRWCeP5DyKqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c09d8456bf-OSL
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

2.4 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11256), with no line terminators
Size
2.4 kB (2416 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-c4e"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4390506
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypLAx4XidPDCukkU%2BO%2F5KKKV%2Fx7ylJEKJylAj3u7MVO%2F5Xhu07LizNqVcZOpP2iZc6vzTNLjsxQ5JvwfpCa3lP3Yxr3b3uKQUb53R90Ay3wsBTwFWXwSGeVdIJOFQu0oTj8Xjvp9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1086c56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

2.2 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
2.2 kB (2150 bytes)
Hash
ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

HTTP Headers

GET /c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2

104.17.24.14

200 OK

677 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 662209
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuxoJsxeRArM0yESAnQ2EvtwGz%2BYjX6bti7i9HroPKw8xKd7PO0cxDpGPrD6ZQC3YbGeuMOHDkB1jNYiJIXfTohDkfJeJifNlYwzy7xn9e2UKWshmQhJlDU%2BJkfXwSjv%2BiTCgjX0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1288d56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

172.67.150.79

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 40403
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP4UJb4Va7k39x%2Flb9bjYpx2XR6ddZbE9nr1afRjUIwxJOv6Tnm4Wi2ExTwgAAp2aphFbR4DWIfd6Zqa34MCibUeabimWU6sY%2FPWtNhB1NVsYkemL4gPSLnBLAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c1be3c56bf-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1

172.67.150.79

200 OK

3.8 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
3.8 kB (3833 bytes)
Hash
87015559c535c9314bb1a8d6ed05597e
b9e3b22a2bd7457d044551d5126a29bae25489a9
e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNTdRhUUBH7Y01kMHXvgE6k%2BciOIO8Uey2FcoX1vWrh%2BDHS3eHDlsc3J0jXU%2Fn1duj5kSHTRz2LHsJnBR0139q8wmGy1Tju8wHNOn3xuW7V23opDYDjTI99jpUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0cda656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-262573192-2

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (69231 bytes)
Hash
e270f689d0703e72b7a58a610ac88d56
22097bcb9127b879722784c05d62a11fe7fc798c
2cb09ac6f8d66e2e4413534a01b5859ee201afaea65826d0f4b5a7f59bd3a9d7

HTTP Headers

GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
last-modified: Sat, 21 Oct 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69231
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307

172.67.150.79

200 OK

3.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (7553), with no line terminators
Size
3.6 kB (3611 bytes)
Hash
70c183398322d73b50b8b4abece239a9
e79dec738456aa7882ffbaf481eb13849da7c227
969eb11be3a2271857373fe0e1424232f62f24ebc4cac8cd532c35d43634c046

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9aaTQ5AwQd1DN1kcCiL5IQfDGgXZm1kn8AFwnOLUf3qVX4%2B55ObAtYdrVXzhJV36DmNDyZRVzI0XRK2bxXl53RAerjTrhg%2FGGFPL8cl6JhVaj4gxAj5x3iXdqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdcc56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1

192.0.77.2

200 OK

2.6 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2568 bytes)
Hash
513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

374 B

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
374 B (374 bytes)
Hash
43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

21 kB

URL GET HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (2343)
Size
21 kB (20994 bytes)
Hash
575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Sat, 21 Oct 2023 07:48:51 GMT
expires: Sat, 21 Oct 2023 09:48:51 GMT
cache-control: public, max-age=7200
age: 746
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206

172.67.150.79

200 OK

82 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
82 kB (81954 bytes)
Hash
c3a5b08af3e63049707797efe65eab86
f66ed251ef8c24614ff24376d472f2f394f7b93f
d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500

HTTP Headers

GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpVRSiySaa9JQ5ziwSvKVjmRZiTRY6sZzUtpRolpsh1qhhIAQVFV72P%2FgMCGZnLt4p7rHL8jNBgDq1ujPOKi3Y2ib49DSGZ%2B5NhEiklXJzApe%2BdqSjObgsY%2Bol4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdcb56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js

172.67.150.79

200 OK

78 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2729)
Size
78 kB (78365 bytes)
Hash
351390b839bf683126e78afb44004636
5631ca683d75c60eb3dba2bed734716accbe5426
f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0

HTTP Headers

GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bn1Zccocnm0b5dLarvofnEFjjnrb7fb5TVadfqHNVeqPOpXYbtRYzD1HzZTGLX1Esc5bDJztlT8vViWmTIC%2B%2FAWoGSrT4zRoTLUC99X47LKUN9BaXzWY4IbGttw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdd656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

173.233.137.44

200 OK

11 kB

URL GET HTTP/1.1
definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
FingerprintFE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC
ValidityTue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT

File type
exported SGML document, ASCII text, with very long lines (29673), with no line terminators
Size
11 kB (10967 bytes)
Hash
d87a182707920d7664c1ace9f12b53c1
1164f79c904bcd13669dbb0fe14ed1c8c941ff25
aaed11c14a669e672932b0d75843c883d05884f5a12a86084b85675d4f1f1fb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea362c6438e42b9dec121918b9cbd0f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c67f0a14b1fe40836817578c61608b30
a682e3e1de5c638f0521db86638bc192a2bc2edc
44d745eea6b121b9ff2b85520fcbd410c9a77dea8f58263d374e061572403301

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 21 Oct 2023 08:01:18 GMT
Last-Modified: Sat, 21 Oct 2023 06:16:06 GMT
Server: ECAcc (amb/6AB2)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QKlQIdlvDLUDHbJoBf_FB5XNwzl1DHRUuxQmzQ5MPiA9naX278-rzQ==
Age: 6312

pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.6242979951594859 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/

172.67.150.79

200 OK

0 B

URL User Request GET HTTP/2
nsw2u.com/
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/html
last-modified: Fri, 20 Oct 2023 20:36:49 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sz50yPvsCZYkEHX2KBV3iQrNL6oEjNETgc29WBPqGfd6nIibuG4BI1Y9n%2BZPbto1XXj6VI0B8hj%2BimCA2EoULbarCT%2FMoTaMM2B0fRZ20YuV1jtv5%2B2AZkv03FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8ca9da856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

professionalswebcheck.com/stats

35.157.243.66

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.157.243.66:443
ASN
#16509 AMAZON-02

Requested by
https://nsw2u.com/
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
8a2ed8630319def421de06ba54e7efd8
c2a855fb801188a66eb1840ff8c46ff153806ddf
5d24c3f89d60ef9647ff95bed78c26d707d4b0fda4ee658f5b658c0e566d02e5

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8787e4ad-373a-416a-b5a3-9fd8a0395a58:3:1; expires=Tue, 18 Oct 2033 08:01:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

470 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
470 B (470 bytes)
Hash
9142cbcb95ede4fb11bec79d679d6044
13aa5fc30f8e08aa6d26044ef1138c1483c2cb61
764bd3e6e5e72e0c180472cbff2acbe4a0719beb2b32e4bbf037872b6f77d95c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js

192.0.77.37

200 OK

31 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (16142), with no line terminators
Size
31 kB (31214 bytes)
Hash
94dfdbe80f36b3be63ce74ff1135b996
5e05077d99e736af42b2da70e428e7f7df556dd4
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js

192.0.77.37

200 OK

53 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (6607), with no line terminators
Size
53 kB (53380 bytes)
Hash
9a4f28a615173df36cb84be2b345816e
f709263841708d9e40268f24a0072ff4fe811b35
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

470 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
470 B (470 bytes)
Hash
9142cbcb95ede4fb11bec79d679d6044
13aa5fc30f8e08aa6d26044ef1138c1483c2cb61
764bd3e6e5e72e0c180472cbff2acbe4a0719beb2b32e4bbf037872b6f77d95c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
87d25646c27372f7475e9c2ce2d0dfd4
442f6c02db8c69aa7d3f68b197d44ab3517d568a
79d95bfed20b816cfda5c9af344644313fdf9824b79b7ae5ce80d69b340ee408

HTTP Headers

GET /gid.js?userId=0dd4d74c64f14d7e8acbb68fa2405f5a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js

192.0.77.37

200 OK

74 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
data
Size
74 kB (74241 bytes)
Hash
c2c4e2a562e06e1cb22293a5b920aca6
a7b5a369ac4883f1ee7fa701b238d20238b675ca
698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

images.vfl.ru/ii/1694604934/0d07e435/39009949.jpg

78.24.223.39

200 OK

57 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1694604934/0d07e435/39009949.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
57 kB (56936 bytes)
Hash
1b3e32337bbde3922e0e9f72aa72002d
100b45332c71a4eb2e6c66d6de40bcc83f29c989
e67f85bbe57ff956ee312dda7de903700030b79bb4ef76d09c192a5da9a33751

HTTP Headers

GET /ii/1694604934/0d07e435/39009949.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 56936
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 13 Sep 2023 11:35:34 GMT
ETag: "65019e86-de68"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg

78.24.223.39

200 OK

67 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
67 kB (66636 bytes)
Hash
81eb51e7c3a0df2a962b5b00d61669ff
42c531b818a0bc7e01c602c8668f21065d8cd67d
9ee994cfc66772056b1ae42f4012412d4a9f49fc8250c2c22153e54caed7b965

HTTP Headers

GET /ii/1692466089/24d36bc8/38995517.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 66636
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:28:09 GMT
ETag: "64e0fba9-1044c"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg

78.24.223.39

200 OK

46 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
46 kB (45689 bytes)
Hash
d54f3e961e843224381b52420787300b
b24ff4dd6ff0b3c210ac80ccec30d1612bfb2c70
230c8719f7ff0cd67d89b8c5052dcc864b6c7ebbb62bf2ec21228af727652049

HTTP Headers

GET /ii/1696499345/2d834ce4/39025715.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 45689
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 05 Oct 2023 09:49:05 GMT
ETag: "651e8691-b279"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f

172.67.150.79

200 OK

110 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65453)
Size
110 kB (109998 bytes)
Hash
3c7e73dd02f57abb6fec8fadea6e35b0
dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8
d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gm18x3vQkjrgRCDfNZseCU2kNRj%2B1kom3Adjl0y%2BYBnMjewJWTgXqjkTKKTOYgiGQsBZPoJbdkNBFRuCXlHl2VmfPRXeRDrhJds9vY6ln%2FYVRHx5GRaQ4bnA2LI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaecf56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg

78.24.223.39

200 OK

62 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
62 kB (61571 bytes)
Hash
f5ca0775d6b4c6d61ccb84d080eab5b3
71044f9bb69af45e4f171cf7e7c0ff3c9bcdfb1f
a968f61a9dcb9774217eee6c6298381b912ef95f00d273c551485c5d73930696

HTTP Headers

GET /ii/1692466506/8e093ade/38995519.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 61571
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:35:06 GMT
ETag: "64e0fd4a-f083"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696685701/62d0c090/39029484.jpg

78.24.223.39

200 OK

49 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696685701/62d0c090/39029484.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
49 kB (49174 bytes)
Hash
8e7b79d6c30061407ac3d34ea574df2d
7a12a067aeb0a418da610f83c212cd64a82260e5
d6e68fb9216f1e77d3f45bbf91163ed3a0a88f4fd58f28d743c60e12be18e471

HTTP Headers

GET /ii/1696685701/62d0c090/39029484.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 49174
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 07 Oct 2023 13:35:01 GMT
ETag: "65215e85-c016"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696713535/648489ee/39029634.jpg

78.24.223.39

200 OK

31 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696713535/648489ee/39029634.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 412x667, components 3\012- data
Size
31 kB (31191 bytes)
Hash
a415bdab5e6150241178552746fe5d71
3cb9afec132f0cf1a88e83abc0b77614ee20f5b6
8155cd0c598eeeb3df53fc23087d819333a91d25521f7f8401241b279e13bf35

HTTP Headers

GET /ii/1696713535/648489ee/39029634.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 31191
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 07 Oct 2023 21:18:55 GMT
ETag: "6521cb3f-79d7"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

doruffleton.com/5/3812660/?oo=1&aab=1

139.45.197.244

200 OK

1.3 kB

URL GET HTTP/2
doruffleton.com/5/3812660/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectdoruffleton.com
Fingerprint8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89
ValiditySat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT

File type
JSON data\012- , ASCII text, with very long lines (2756), with no line terminators
Size
1.3 kB (1335 bytes)
Hash
6bcf3a49a877ba1ee3ab6d85348f8cb6
1aafea5d458d6b5157c80eb5d67eae1ee689a687
694f9b2b838b53ea9ad919dd21a495c9a9c59165128de7d69d4c91c2a6adde29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/json
x-trace-id: 65ba9348faae0c67a029b3a59bf5637e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:18 GMT; path=/; secure; SameSite=None
oaidts=1697875278; expires=Sun, 20 Oct 2024 08:01:18 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js

192.243.61.227

200 OK

24 kB

URL GET HTTP/1.1
overcrummythrift.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectovercrummythrift.com
FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8
ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT

File type
ASCII text, with very long lines (60119)
Size
24 kB (23539 bytes)
Hash
d887ee21cc53720d63a4e09ce0fa4eeb
b47652dfef4c396c54ea6d91c01c2b974096d3b9
f34d7e4d33660eb8ddc7b8926a0b8c2b1edb170cc5fd007ecf1a35abc352c0c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2814-3-layer=1; expires=Wed, 25 Oct 2023 08:01:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec6d1a31e03f46caa16565b45fc48004
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectovercrummythrift.com
FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8
ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2620)
Size
2.1 kB (2092 bytes)
Hash
099bfbf69434fe9733228bd0af866d0e
19a16d7ebda1b53385bd7dedd5850f7d4add9965
21e289affb9de9bba0512aea26bab55040dc531252e25aeebcfca26331811c9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vIn19.whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8787e4ad-373a-416a-b5a3-9fd8a0395a58:3:1; expires=Sat, 28 Oct 2023 08:01:19 GMT; secure; SameSite=None
iprc2c5aed9644f49cff663a17f89e5f3ad1=3570421; expires=Sat, 21 Oct 2023 12:01:19 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
uncs=1; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 983bfbb0071039470f535c867d6a8df4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.pki.goog/s/gts1p5/KIQBreNUShI

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1p5/KIQBreNUShI
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e3b79da79d90325b5601115cac9f5ba3
e162325b64244371d58d280f0c5aeca3a5373798
756076c006264f5e0096557de6907eed2bb82be64306ebd71d583623efe9010e

HTTP Headers

POST /s/gts1p5/KIQBreNUShI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:19 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

friendshipmale.com/sfp.js

172.64.101.19

200 OK

28 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.101.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27589 bytes)
Hash
2d0450888479d4ddda305bd96206b240
5b4595aab1cd3f854718e05db9be0c65a12ab2f6
44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d248770d99d0fbfc0164287da2ad09d0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 21 Oct 2023 08:01:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6Ne0h04tNgIvM757STjFXgS0RTj%2Fr6FK3mQaBQ1OALjf7OQ8guiSU2upGx63OERd5NeaYYWW%2BklT8JvjcuXHjhkvZX4c5zIP6G%2FHLKiLa8W2OTpKm%2BgX3aAeUUpuzEbcIlDa%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8d1b90c76c5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.9

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Mon, 23 Oct 2023 08:01:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

absentlyrindbulk.com/pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70

173.233.137.36

200 OK

0 B

URL GET HTTP/1.1
absentlyrindbulk.com/pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectabsentlyrindbulk.com
Fingerprint8F:3F:22:D9:6F:90:66:4F:C4:25:34:80:FD:94:56:B4:A0:72:93:50
ValidityTue, 10 Oct 2023 08:40:27 GMT - Mon, 08 Jan 2024 08:40:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=9582&rd=9582&fd=1053&bv=23.10.v.28&tmpl=70 HTTP/1.1
Host: absentlyrindbulk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

banquetunarmedgrater.com/advertisers.js

172.67.177.178

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.67.177.178:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: ffb369917fd2446639f8ada2c3307380
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 21 Oct 2023 08:01:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8fmQuyHsOQJWE5fyf4OeeMn3q58OmbMprxSI%2Bs%2FTLnqCWtXo66l%2BLI3gWQPg3LTktd9CKbATMacp1GOrV1cjypXLMPfCa7VDn%2BMSGrZlbN6uDlHS7A2I%2BN9gxeMq1Q9y9xlYw0FB%2FTIw1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8d24e38b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/KIQBreNUShI

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1p5/KIQBreNUShI
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e3b79da79d90325b5601115cac9f5ba3
e162325b64244371d58d280f0c5aeca3a5373798
756076c006264f5e0096557de6907eed2bb82be64306ebd71d583623efe9010e

HTTP Headers

POST /s/gts1p5/KIQBreNUShI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 08:01:19 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

172.67.150.79

200 OK

16 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 40789
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e5SfGIL%2ByaaKA%2FKwMIN6Uy0QG0D5IL1QO20K%2Fmm1Bn1FzeaBCXBht1FN08y0%2FvWX%2BxXFyHNb6Eyvk4TVYk6zFr5KIc935DypY9fVlAzW8QGgc%2BgRy2TQ882UvI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bdab4956bf-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2

172.67.150.79

200 OK

68 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
68 kB (67604 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9x0uIoi7JdOf6DaqbL%2BfT1StgXsXMMubbmQWL4XuLKQRAnE7fua%2BQY8ZUqf2z66O4kDJ4C%2FA%2BBt4RLpkhcZhbrrH3L%2Bkz67ozCXBtil2XBy7MDBkXdx%2FxjtRHiA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0bda156bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js

172.67.150.79

200 OK

124 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (32024)
Size
124 kB (123510 bytes)
Hash
7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMryh1fPlFAJaIYUFrsepZXDpSnzLh1DRuTNW9vM%2BvntUXHAy0AUxGmkF%2Fpv72pufdOVOjULofqbDP3wBMmmMrBXwmFECZqpFXbUORZpu7zE2X9EVUuf7Nr27Jc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

doruffleton.com/?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link

139.45.197.244

200 OK

1.6 kB

URL GET HTTP/2
doruffleton.com/?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectdoruffleton.com
Fingerprint8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89
ValiditySat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1649), with no line terminators
Size
1.6 kB (1629 bytes)
Hash
5ab6fb5308c1bf5cc8006f989b0cc23b
703934de4567363f3f67924e8862be9fbd85d1b4
2addb056219b2b8febb1370d55ee07838524f3ef487744b73d353b9d22afff22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=S8cFZHcIYTsrkkf8Cc45NkpQepTz1AYd4vrdPLAYRT1Xj2e8QYtsNZy2yMTceRiWiFUXxeHhlHDPgCiGUfKBNhhrjTqDqhdtqZOXIZ4j1nB1-Au3HOB-vyWlcGcYZArMpUTmfJZQMJwCdcxI-NF8E_nNasLymwmwvb7s4nkLbFE6-oJwy3eM1MFddtGMaujczMipooN7y86b9M4kH4CRmQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.610.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.610.0&bs=b63af232-4092-4f9e-be91-b5516ac44133&userId=0dd4d74c64f14d7e8acbb68fa2405f5a&m=link HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; oaidts=1697875278
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:19 GMT
content-type: application/json
x-trace-id: 3efa427ec1dfe7a017245ac44cd8c236
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0dd4d74c64f14d7e8acbb68fa2405f5a; expires=Sun, 20 Oct 2024 08:01:19 GMT; path=/; secure; SameSite=None
oaidts=1697875279; expires=Sun, 20 Oct 2024 08:01:19 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 28 Oct 2023 08:01:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js

192.0.77.37

200 OK

9.1 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (10357), with no line terminators
Size
9.1 kB (9079 bytes)
Hash
93d89333b0ea716b0dded414b6fd690e
bea26f3b7bf556a03bf81259459154e5728de2cb
acab68f8aa0636ce9058f6bf3d72d59dede88fb7111dd75532dcbd572ecb8722

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2

104.17.24.14

200 OK

3.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3166), with no line terminators
Size
3.1 kB (3063 bytes)
Hash
268941a21977d78e5375571a621395be
e31219f1b0ded9a8cc5834a977297006fedd2c07
b6e184987af8853a448d3300cecb87e5c9c91adcf6af8bde29199a9d94bc3cd7

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 12396891
expires: Thu, 10 Oct 2024 08:01:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOvqWGUBK9FIibm2rRQEWE8rjXHBntZ1DNqFREEIdX6p53b3Y2fdLB7llJ0sofsNzru4crreerMy0%2FCd2RnXKm30EHRup5v8CXlOWupRK9wkfRpPOWJqr23WoaS%2FvIXqKEiqE%2BkG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8197f8c1288b56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

88 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
88 kB (87482 bytes)
Hash
ff04dd1ef5c67998d8652330c0441689
5e6ff5bd5240181a8bdea983837f39ac231dac4d
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

HTTP Headers

GET /c/6.3.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 May 2023 11:33:35 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705

172.67.150.79

200 OK

36 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
36 kB (36458 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWmUThdrOOiS5Wrgyvv6m0nmcFQev5gdcgn34tzVwqN1o17JhOe0hS0%2BtBUYM1pd%2BrxIYjMWdqq8JZG94knUaWdmYB7HuS%2BL7%2Bpowtcvq160OQkoMQhURNPXh8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaed056bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1

172.67.150.79

200 OK

399 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (423), with no line terminators
Size
399 B (399 bytes)
Hash
ed94fa94e236140899a07d0bb24f233d
8e7f16eda1a41233d4d0f19264382b6222959b6c
2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qP%2FIzMv2DYrBen0MVvOprdeXiymp35%2FTvwaCGaGA4TLptjJ4hJ%2Bvaz3QGdYNxlI1sna7uFujCzkJOacyB1Ak7JM1aPoMslzojglWlMeh%2BYNaVksVwj9rB9UkIOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bddb5856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1

172.67.150.79

200 OK

8.0 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (8246), with no line terminators
Size
8.0 kB (8005 bytes)
Hash
95e8541b1c7d8d1c6d971b8a1254f05e
a0a315f535cefee969c8f938ae9133beb051b51d
94d90d0cae68aae94246413284189ad0fd41bca226dcfc1d3394f25087df2ede

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 20 Oct 2023 08:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6pjXkED%2BZoIk5oN0nXftE9vp4eM%2BYe14mhMkSQmi%2F2GRYh82f9FQ0hQgNrgn0oEtbDF3Cizf58U0ApyiAhmfNMsk1HIVY1VmaQnOYcC%2FAQFSIuVDXPwIw3%2FvgY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stats.wp.com/w.js?ver=202342

192.0.76.3

200 OK

11 kB

URL GET HTTP/2
stats.wp.com/w.js?ver=202342
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (10778), with no line terminators
Size
11 kB (10778 bytes)
Hash
f6c87bc49e7646c7ccda489b9defc829
9003fc52b4c4014b4bd9fe2f4506440b299478b2
e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860

HTTP Headers

GET /w.js?ver=202342 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:17 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/10813-1684464982349.1523
content-encoding: br
expires: Mon, 14 Oct 2024 22:59:47 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c

142.250.74.168

200 OK

229 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (5788)
Size
229 kB (228891 bytes)
Hash
8ae2b751a5e73fa3fbb58a72dff2881c
f45721d161c83844258500fc27fb4242d20de1ed
66189b971bac09e032b95af5631af2503655647425fe9db9f0249093cbefe9e4

HTTP Headers

GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2

142.250.74.106

200 OK

8.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (8472), with no line terminators
Size
8.3 kB (8256 bytes)
Hash
3f5613f7160c3b6638dbbe32b93f8e97
62d3566bc0e2a74456c2bebb6d280be511402791
5d5d0961816e9953501ec925709e8c23de9e3add0dd57ccbc3f4402a0f53207c

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Oct 2023 08:01:16 GMT
date: Sat, 21 Oct 2023 08:01:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js

172.67.150.79

200 OK

6.2 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6303), with no line terminators
Size
6.2 kB (6206 bytes)
Hash
f9853427f0beb8a283ac3cdabe910ad6
8fcd5776a89dbe61bde8c23df7abd40148d0a336
1d280a7d6bcd1ea74968f32131f53c6a7b39468f6d7f9a21543fef8525b405ca

HTTP Headers

GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XZvXZ4gMha%2F8UYqo3aoTSM58k7c0tulpRV0GpUdE989hOT%2BRmxtpFnWhYdFHLkgRQbgKRAP4v3K56QNG8LIgB3f7JCHIQRvDIi7SvdOlmPspEgtmdU1%2BRsEN3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c10dd856bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

14 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg

78.24.223.39

200 OK

71 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
71 kB (70673 bytes)
Hash
c9578ce1b30a7957a4f58916181545c1
5edd16bdbdd4c4caacd7ba9408b15b01bbb765fe
881c108606af7bdf549477962370e9b2e17f1473a875354f37a09c634e34d492

HTTP Headers

GET /ii/1697025199/2d40d0fc/39033877.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 70673
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 11 Oct 2023 11:53:19 GMT
ETag: "65268caf-11411"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696606849/450212ed/39028293.jpg

78.24.223.39

200 OK

86 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696606849/450212ed/39028293.jpg
IP
78.24.223.39:443
ASN
#29182 JSC IOT

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
86 kB (85525 bytes)
Hash
f31e59ed8b4014e8c240b752b138ca58
92fe10034473f9c1939631c2c50642bfa521bf0f
2e559285efef0bb13f7cb134710ea244f456a76074859562fff2cd86952aed87

HTTP Headers

GET /ii/1696606849/450212ed/39028293.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: image/jpeg
Content-Length: 85525
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Fri, 06 Oct 2023 15:40:49 GMT
ETag: "65202a81-14e15"
Expires: Mon, 20 Nov 2023 08:01:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js

192.0.77.37

200 OK

4.6 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4704), with no line terminators
Size
4.6 kB (4627 bytes)
Hash
414c8462f6209b4905f767c8ba5c787d
a80b8b79908e6cdf11648f810e707a75c859cda3
007c3734a3f7737d74061ab5b96905dcb14ba1f88e7a6df55364b9d9573e3ce1

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.67.150.79

200 OK

12 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
etag: W/"652d1f47-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XgWdCU4ec7GPTN71%2FyLDmSDNNYvAyPFnPdgHZ7P6pAAPtbLqKYOhnWIHxxKCC%2BfEuuuTcfKv6thNgAxKuHfj2%2Fys%2BYIDi3Doweb6W%2Fxs37f%2F1IJZxXMW0CxaZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8bddb5b56bf-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 23 Oct 2023 08:01:16 GMT
cache-control: max-age=172800, public
content-encoding: gzip

nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115

172.67.150.79

200 OK

880 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (965), with no line terminators
Size
880 B (880 bytes)
Hash
fa7fe6b99dd294598a44154cb2f424b7
78a909d97e5dfeffa1e1311e2c7ad8633d768960
9600c505b5d0d438a661c90d7b6ef5c6098024ff4e16e58a3577d5d0c837237f

HTTP Headers

GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DA8fxiB3oR0SPNJsP98Q76Pr6sBVRgyQKZjyYswK0LG991ncvZ8J7%2Bg8kvsI0wLuGBRGQcHUs4ylPrLhhOxHpNL7b8LwziVbkUlgc0xWE%2FkfRVpHf4rTe2IbUFs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edbb56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c

142.250.74.168

200 OK

215 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (4179)
Size
215 kB (214598 bytes)
Hash
3df08b577f9316760bce2839503a1ab6
0e31b3601310d0dbbb56a3d8ca63ece87bc86a92
cf738c56ad6b49abc628b69178c2872f3a2cba5f6a44a136855924cc1cbffd73

HTTP Headers

GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:17 GMT
expires: Sat, 21 Oct 2023 08:01:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77353
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428

172.67.150.79

200 OK

79 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
79 kB (79073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697875278.1.0.1697875278.0.0.0; _ga=GA1.1.1692317278.1697875279; _ga_HS5Y0K7QPG=GS1.1.1697875278.1.0.1697875278.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncPe9ApbNa4%2BmyTRDpWUsc2Cydsb88ltDAP7ip9SAVI%2BYSqzrA0jV9wdoKtT0D7NK1H0SPGfsoQ1FG7JvRRq%2BVZQ7Hyz4XNuBmTpG3mnW2D51SlFw9mjQPsFQBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8cbaed256bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31

172.67.150.79

200 OK

21 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
169a5dd1261e0d434162d1af68acbbcd
c18d59ed069049b012a61a8e6b958bfb25bc1b71
82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:14 GMT
cf-cache-status: HIT
age: 40788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBRH6Ve8%2Bo%2FKE3rrvgo13dS9kaeYEdmkQ7ulBlx1I7rsQO4jO1zOIpr%2Fls6r8ZRoLvgP5sCs8nbbLpmW3TD3bX97Tj6WWdTw4z15Mq813WmNINsPYx784RAcDE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c0ad8856bf-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31

172.67.150.79

200 OK

110 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
110 B (110 bytes)
Hash
70cd599fb1a952f67216cc82829f9ada
74cfae7f053f69abf2dce9cb74c962a83b8ba8bf
1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WnP%2FP1oeON83anCaivwbuzKP7RQQ7wEAGbq7tyx1%2Fgusm8CR6G82IFGqI6sGbt6FeQv5t%2F9Ew3gR7peEMCW4dRmnmBE%2BrvEXRUd3QHQITuEwZSn3cFJc6rhyZAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8197f8c0ad8956bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

doruffleton.com/tag.min.js

139.45.197.244

200 OK

81 kB

URL GET HTTP/2
doruffleton.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectdoruffleton.com
Fingerprint8D:99:65:BD:FF:22:4C:6B:41:72:27:BC:29:02:01:7C:6F:06:33:89
ValiditySat, 07 Oct 2023 07:17:50 GMT - Fri, 05 Jan 2024 07:17:49 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (80790 bytes)
Hash
2c433b3a7bd223a09d253bc43a4b0e1b
6b4d75928278e355515d83228c12b33a7054ec08
09f60ff073f52f912ab3522789cf0379dc3846f444566af619d2af5f1af459b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: doruffleton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:18 GMT
content-type: text/javascript; charset=utf-8
content-length: 25495
content-encoding: br
x-trace-id: 8992916997cece46d4b4f4d85394902b
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 20 Oct 2023 10:49:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css

172.67.150.79

200 OK

148 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
148 kB (147784 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X899czGoxTnwzkZk%2F839ZNJ8sUC2uWxAelYcPSKWM991nn91Y0XWuAacx0GYxPxRh%2FNtYYkg6dzbfgq7abGK5npj6ed3nHW7wtkv6v0Etm7%2Fg9nVV6KX%2BSi6lmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bd4b0d56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js

172.67.150.79

200 OK

14 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
14 kB (13696 bytes)
Hash
0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ja7C%2BSzsgUY6NeVbqVePAnhGFCAmZ47HxYpYvsTpZOa5as0%2BkbLpiS2TdR2vRf%2FewrVAsG%2FKbY5kSGdQOUxwusg79AXERk8lr6h0Y028J0%2FyX6rI%2BNYeww1HTq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edba56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

192.0.77.37

200 OK

8.2 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8365), with no line terminators
Size
8.2 kB (8171 bytes)
Hash
08e6714eaf3cfe8f3c7839f22d90ba4e
94fdad68854d0d3482b877aef7ba7c2eb265c621
e424039d5a737a1bda8a5ded60919e5067085729310762eebb09c20e07d249c8

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.130

200 OK

148 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.130:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
FingerprintA4:04:A4:CD:74:4A:5D:D5:E5:B7:37:26:D7:25:FC:00:CC:C5:4A:4F
ValidityThu, 28 Sep 2023 05:26:19 GMT - Thu, 21 Dec 2023 05:26:18 GMT

File type
ASCII text, with very long lines (3968)
Size
148 kB (147522 bytes)
Hash
a3312559d459e0e42277a4e01477657d
7c1d2efa8286295df4c8c2c7ea1922629d91e392
9c07e19d6062957e779c57f54d47fc9f11440053911faeb3883b771fe9f7393e

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 21 Oct 2023 08:01:18 GMT
expires: Sat, 21 Oct 2023 08:01:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11389023952349986819
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css

172.67.150.79

200 OK

15 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6817)
Size
15 kB (15333 bytes)
Hash
1fee9d9ba9d8cc17b88610f753052dd1
b8608a7bcb05bcca68814671bb114871f2c97f0e
f50cc3d3d3714cc7aae738eb19b41f70b1eec94c290f8985af4dcd36dcfad0dd

HTTP Headers

GET /wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXtWewYZPirrF5onWRVo7hAw1hxJlz4ws6WOEdtrPDGJ5%2BwbyFM%2B7JIFWhM3fX%2FB%2Bl0%2BWQz%2BK%2BOJ3mTgvaa5o3O80xerRVv%2FuA0VhB1EAckPOdvf843jwHUlvj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bd3b0456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188

172.67.150.79

200 OK

701 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (727), with no line terminators
Size
701 B (701 bytes)
Hash
e8b1dbb3b1a9bc1b59010bd6f7035465
c9d0ec84d9184c72ea6335c67193d25a90e003af
18c991e1cdc15a5c427215cf20569d60a7aa9bc32f1f7a2382640782a6e5bfe7

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fveFNd%2FMzpYGqDo%2F9PnbEJQEYchyh7T3Zqli1annja6dhk4xqfwIRyaKiYfUgHgtn8RUJYE3VN0KQHKQg9mPKHa7Cahfsy1kxamM8P6YIyvRICGdi2tQhcvbBIM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0fdd456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/p/jetpack/12.7/css/jetpack.css

192.0.77.37

200 OK

101 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.7/css/jetpack.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
101 kB (100602 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/jetpack/12.7/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 10 Oct 2023 19:16:20 GMT
content-encoding: br
expires: Sun, 20 Oct 2024 08:01:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css

172.67.150.79

200 OK

8.1 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (8145), with no line terminators
Size
8.1 kB (8143 bytes)
Hash
734068ce5268bc23a7506f3e9e9f5d41
acf53910826dc6702a5fb8f2bf6aab44b17f4886
2dd5b45b7df3d954548b70324f5730bf593bcdab6dac3632cc19ac119e8912a8

HTTP Headers

GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNYb2mFLQ3aAh0eILalX5KmMeyKB4zM6TGJMOs2Z8tUDrPmd1b1XPFPbHwyf69HQk%2BGeP3hhxxk8cz8jIER6nMNBFD%2BZuNnvwPbiLPgERUWV9ThlcQ9wODvmnjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8bddb5956bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2

172.67.150.79

200 OK

4.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2
IP
172.67.150.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (4857), with no line terminators
Size
4.6 kB (4591 bytes)
Hash
3c05b4818fda400788cc5c2f60d87ea4
01e544e8461be8bb14a13fb8be13cc1e8259858e
db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 08:01:16 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 40788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1q4bD8pQYWU8k7E%2FHXuoRpCk%2F6YYrnYzUrZQz2x5x68fYt0chu0qbvRNjFgf%2F1hWKlLa47LL6aj%2Fo%2FD6ibWLUXcOSPjZnXIpavwETad1DFSTjClpmfHNO5Gxrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8197f8c0edb756bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

192.243.61.227

307 Temporary Redirect

3.5 kB

URL GET HTTP/1.1
overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectovercrummythrift.com
FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8
ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT

File type

Size
3.5 kB (3496 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1 HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 08:01:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://overcrummythrift.com/watch.554176852134.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=8787e4ad-373a-416a-b5a3-9fd8a0395a58%3A3%3A1&shu=0f88ab52672ecd5a23615d10de272b6711ffb319fd29331a97a49cd190afa6c8fdc3e9b999e891fe3d76e46cfd62690ff627759e3339c50ffb9130c1ddd884acdd8d10201ea999b7ba46c8dc4a55f0ad9e47a3135afc1101baeeb0f46d7f94&pst=1697875339&rmtc=t
Set-Cookie: u_pl=19067264; expires=Sun, 22 Oct 2023 08:01:19 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vIn19.whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4; expires=Sat, 21 Oct 2023 08:02:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42ab00a2c3caa9e0302b32bbf50ae1a5
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (64)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations