Report - nsw2u.com

Report Overview

Visited public
2023-10-14 22:59:54
Tags
Submit Tags
URL
nsw2u.com
Finishing URL
nsw2u.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
nsw2u.com | Download Switch Roms eShop NSP XCI NSZ

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nsw2u.com	unknown	2020-12-05	2020-12-20 03:30:48	2023-10-14 14:38:07	14 kB	926 kB	188.114.97.1
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-13 23:31:20	1.3 kB	227 kB	142.250.74.168
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-14 05:33:59	340 B	942 B	108.157.228.227
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-14 18:12:07	1.7 kB	3.5 kB	142.250.74.67
stats.wp.com	2711	1997-03-28	2017-01-30 06:06:59	2023-10-14 05:11:29	400 B	11 kB	192.0.76.3
pixel.wp.com	2545	1997-03-28	2017-01-30 06:31:40	2023-10-14 05:11:31	485 B	241 B	192.0.76.3
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-10-13 20:49:41	409 B	837 B	172.67.196.166
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-10-14 11:27:48	397 B	86 kB	104.21.234.33
i0.wp.com	3021	1997-03-28	2013-09-17 08:14:42	2023-10-14 19:08:55	4.3 kB	152 kB	192.0.77.2
itespurrom.com	unknown	2023-02-08	2023-02-08 23:20:56	2023-10-08 12:33:54	1.9 kB	34 kB	139.45.197.243
images.vfl.ru	275945	2001-02-13	2012-10-04 04:24:47	2023-09-29 16:31:46	4.0 kB	562 kB	62.173.140.199
www.google-analytics.com	40	2005-07-18	2012-10-03 03:04:21	2023-10-14 05:12:31	408 B	22 kB	64.233.161.113
definedbootnervous.com	unknown	2023-05-22	2023-05-22 04:09:17	2023-09-19 17:07:27	435 B	12 kB	192.243.61.227
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-13 18:16:43	424 B	416 B	3.73.202.184
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2023-10-14 14:38:02	447 B	52 kB	216.58.211.2
rabblespidersrenaissance.com	unknown	2023-09-27	2023-09-27 04:01:16	2023-10-14 03:06:01	3.1 kB	24 kB	192.243.61.225
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-14 00:34:18	459 B	1.4 kB	142.250.74.106
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-10-13 18:58:36	1.4 kB	9.9 kB	104.17.24.14
c0.wp.com	6988	1997-03-28	2018-09-24 17:59:05	2023-10-14 10:08:16	5.3 kB	321 kB	192.0.77.37
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-10-14 18:26:02	453 B	738 B	139.45.195.8
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-10-14 05:13:43	443 B	25 kB	45.133.44.10
formationwallet.com	unknown	2023-09-23	2023-09-25 18:05:47	2023-10-13 21:14:10	483 B	469 B	173.233.137.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-14	medium	definedbootnervous.com	Sinkholed
2023-10-14	medium	itespurrom.com	Sinkholed
2023-10-14	medium	rabblespidersrenaissance.com	Sinkholed
2023-10-14	medium	rabblespidersrenaissance.com	Sinkholed
2023-10-14	medium	rabblespidersrenaissance.com	Sinkholed
2023-10-14	medium	formationwallet.com	Sinkholed
2023-10-14	medium	itespurrom.com	Sinkholed
2023-10-14	medium	itespurrom.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (64)

	URL	From	Size	First Seen	Last Seen
	nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31	ScriptElement	23 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428	ScriptElement	79 kB	2023-09-22	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36 Last Seen2023-11-28 22:45 Times Seen25 Hash 492b6d5195d2fbd9e612a20a9bd1a009 abd6a079460dc394397df83a9ea641ee03884c58 937ba827d294056f81fcab0e37e5769ca968072be205dcd7125fb61e5a7cdac9 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js	ScriptElement	4.6 kB	2023-08-08	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-07-02 01:23 Times Seen15276 Hash 7bd48eb3bd568033e96caf0fb62e6690 b38066999294b99d92d95db5f38bc15707eb1f22 7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596 Loading...

	unknown	ScriptElement	294 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen12 Hash f73754c10536a2e729f6d06f9e7f191f f69f394a68fcebecbce2ada0f6f8a91ffc077790 06dc51e59503bfca6c59b6050f0dba624b14358f3644d81a3f6605f6586151f6 Loading...

	unknown	ScriptElement	79 B	2023-03-07	2025-07-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-01 23:29 Times Seen760 Hash ab1b0ef42311479d7559bffd29ef8d7d ba1509057a5f82563a2b55a7379f4825fe35bcab 37bf8b4db5288941c20c28fd7c0b201d2270201a94739d64462744ffe6b52f79 Loading...

	unknown	ScriptElement	82 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 5404a368665e4f30b7a3bd4a0ec3c437 b1dc0b8f6f7fdf01bf00abe5176cb476c5ecedb8 0128863b16b529949092392d623bed09b96043ae3723ce2d334b2c05a8324b4b Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31	ScriptElement	22 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40 Loading...

	unknown	ScriptElement	447 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 8d58842e7ff194b34a3eb21b72a65018 7d51d7a294ef0196c2647741e57e632642439bd5 1dcea33b18534b3d498398ea846695229bca9524c16b441209d7737b71a3bcef Loading...

	rabblespidersrenaissance.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js	ScriptElement	43 kB	2023-10-15	2023-10-15
Pretty URL rabblespidersrenaissance.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2023-10-15 00:59 Times Seen1 Hash a4ebc7499985f89f51514a7941d42755 426e11fb788360274437a6b38ddca17df4441172 846d2558831aeb877a06583d06f74a74f5366c810da2739e69ea92df020c0e43 Loading...

	stats.wp.com/w.js?ver=202341	ScriptElement	11 kB	2023-05-15	2024-08-21
Pretty URL stats.wp.com/w.js?ver=202341 IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 15:42 Last Seen2024-08-21 09:42 Times Seen1419 Hash f6c87bc49e7646c7ccda489b9defc829 9003fc52b4c4014b4bd9fe2f4506440b299478b2 e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2	ScriptElement	3.1 kB	2023-03-07	2025-07-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06 Last Seen2025-07-01 13:28 Times Seen342 Hash 94279a9a0c4060a96efcf1da47716f86 ea88b3fd8b01a8b86edfd0f4120cc9a834893018 d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a Loading...

	unknown	ScriptElement	116 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash 4733472fadbcf993b031e917e8c1a8bb 25a0a1bbaaefc39004ab2d28cfa0291c2920c8d3 2d901063b6ea17df1dac8e5cdcdecd6359fe0c8613a456bfc1f3b15b03dd5143 Loading...

	itespurrom.com/tag.min.js	ScriptElement	80 kB	2023-10-14	2023-10-18
Pretty URL itespurrom.com/tag.min.js IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 03:59 Last Seen2023-10-18 12:35 Times Seen164 Hash a95c344616a01fcb847758f5eab31207 274f322059eb248f3518f7c78b2fc69faae0551c 72e9c7cfe696a88de9acd9d80da1b2c4c3441c2ff2c0cf5c57a07aa153d91f13 Loading...

	unknown	ScriptElement	187 B	2023-10-15	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2024-08-21 04:41 Times Seen10 Hash 91f51021b7facfc276086d27fa65c473 26171fc83df06a093b5760bb0ea2b78f9aacefee e67e7ca5672b9d50d3020a0ea25054f83a552dc00c9377e164bcc9bf34463fdf Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js	ScriptElement	6.6 kB	2023-03-14	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:30 Last Seen2025-07-02 01:24 Times Seen13156 Hash 9a4f28a615173df36cb84be2b345816e f709263841708d9e40268f24a0072ff4fe811b35 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6 Loading...

	unknown	ScriptElement	59 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash b6930526d604e01c7e0719becb0db246 b97d624d19e3793cd145b3eb8fa222b10d1dce14 75e54442739120b005ab75152198cba6aa393c99209e386ac574caf2ac8efef3 Loading...

	nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-07-02
Pretty URL nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-02 01:49 Times Seen38220 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js	ScriptElement	88 kB	2023-06-13	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-13 23:41 Last Seen2025-07-02 01:11 Times Seen26523 Hash ff04dd1ef5c67998d8652330c0441689 5e6ff5bd5240181a8bdea983837f39ac231dac4d 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js	ScriptElement	9.1 kB	2023-08-08	2025-06-30
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:54 Last Seen2025-06-30 21:57 Times Seen694 Hash 16e2e46b37590d0f0b095e0dc1aaaf87 11fd26f35df888a81534699194516b5178c217a4 68355abe687cffeeefe36bc69855523ab4745d0e753f7417138f9a41259cce71 Loading...

	unknown	ScriptElement	1.4 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 0da466422c36650bd7c5fcd69e520459 025b064ab4bdf8a4fda4a503e944d43fc64e284b 741571fcf33b4301550a428cd62d723247170a83b1d4a5ce234e6f42568f560e Loading...

	unknown	EventHandler	90 B	2023-05-25	2025-06-14
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-25 07:37 Last Seen2025-06-14 09:43 Times Seen54 Hash 08fde8ea209fc5fc4fdb2a9c614edaf8 7b54ed7f80a3c3187c406e0c3d9ad247516a05fa ec939e7c2a87ddbb495dbe67a38c2291826a37c7c00e03f22ba7fb05d290349a Loading...

	www.googletagmanager.com/gtag/js?id=UA-262573192-2	ScriptElement	189 kB	2023-10-15	2023-10-15
Pretty URL www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2023-10-15 00:59 Times Seen1 Hash f857e50bb34a2a25112f214bd2a9cb60 8eab946abce84c1d5aebd62424c96b7b36e357f3 70d401f1b3ca53daffccd34ed252c71b2a6218ed1182fd09fc11381625a17c68 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307	ScriptElement	7.6 kB	2023-09-23	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-11-28 22:45 Times Seen29 Hash 70c183398322d73b50b8b4abece239a9 e79dec738456aa7882ffbaf481eb13849da7c227 969eb11be3a2271857373fe0e1424232f62f24ebc4cac8cd532c35d43634c046 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2	ScriptElement	1.9 kB	2023-03-07	2025-07-02
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32 Last Seen2025-07-02 00:50 Times Seen1315 Hash f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f	ScriptElement	77 kB	2023-09-22	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36 Last Seen2024-08-21 06:08 Times Seen48 Hash 3c7e73dd02f57abb6fec8fadea6e35b0 dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8 d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js	ScriptElement	8.2 kB	2023-03-13	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:32 Last Seen2025-07-02 01:48 Times Seen30910 Hash dda652db133fddb9b80a05c6d1b5c540 60c8514c57a5db2980c4b046b0dd479bd427357b c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4 Loading...

	www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c	ScriptElement	213 kB	2023-10-15	2023-10-15
Pretty URL www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2023-10-15 00:59 Times Seen1 Hash a4cc62d82c9898e21e51febbb64af4f1 a9174a05ab2a6e94e94ad62f2c7f9186d8656c1d d8ad7aff271a2a8195032fe31289808c48b8b6af65830e6d934a0accb9d4fe93 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206	ScriptElement	2.3 kB	2023-03-07	2025-07-01
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39 Last Seen2025-07-01 13:14 Times Seen203 Hash c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500 Loading...

	unknown	ScriptElement	134 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 6f506bb7af7e7613ee1c614648f06971 4ba407f6683af457e2b187b429b00b824095ecd8 7247c6eb60514195641449696908c8c65c5ddc8dffc0c2930ff3dd93400569b4 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js	ScriptElement	16 kB	2023-07-22	2025-07-01
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 18:30 Last Seen2025-07-01 17:45 Times Seen9560 Hash 94dfdbe80f36b3be63ce74ff1135b996 5e05077d99e736af42b2da70e428e7f7df556dd4 4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js	ScriptElement	6.2 kB	2023-09-23	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2024-08-21 05:56 Times Seen8 Hash 38fca9e0ca205130e3dddbdcda3b4a85 2c0ac19235a88fb361aff39bc0922e4b946c2c5e 43c8d614ba6e97fd9ee9dcf0ae49334ed5d601403ffe8551a74e1a9faf70efaa Loading...

	unknown	ScriptElement	3.4 kB	2023-08-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23 Last Seen2024-08-21 08:54 Times Seen12 Hash 56707025a82573f275588f90b350d3ad f13b7c18e940908856144a8a4783f01984c5c4a7 163e5c7829763a6443786bf0b88bdf7756c6500d6394ecd344a02dd9ba947d27 Loading...

	nsw2u.com/sandbox%20eval%20code		147 B	2023-04-11	2025-07-02
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 02:01 Times Seen383459 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	ScriptElement	53 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash d3ead7e34b8fbb76cb63a9a39943859e 63fd3f10bd402ea5cc976e7bb1a45094edc3c9b7 9e66e7b215400aaa09d635b39effef5986bfb2e86a789c6fd4b8b36ffa52ba09 Loading...

	unknown	ScriptElement	68 B	2023-03-07	2025-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-02 01:59 Times Seen31128 Hash d30f13da1f424ee0383b76edc55881e1 7e348a5f57ab13eedbc4ed917cdeee5bb9f9bd46 cf01a621447e67a81629bc28276677c86c48fd72c44cba83a82448574aadfd60 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31	ScriptElement	21 B	2023-08-13	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23 Last Seen2024-08-21 08:54 Times Seen24 Hash 169a5dd1261e0d434162d1af68acbbcd c18d59ed069049b012a61a8e6b958bfb25bc1b71 82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38 Loading...

	nsw2u.com/sandbox%20eval%20code		128 B	2023-05-06	2025-07-02
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-07-02 02:01 Times Seen28407 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	unknown	ScriptElement	327 B	2023-06-05	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48 Last Seen2024-08-21 08:54 Times Seen22 Hash 0a55a8928cbca5bfac5a66c1723452e6 9f786632275f60fbb585193fa762b0dc5e711a51 7528db72a98a32805f731cc62e8a47bf9218f6e7d02183d9c77e73868e8884a0 Loading...

	unknown	ScriptElement	25 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash e5aa36e02ae7d557eaba143cc397773c 05008e746819697f7ac08c933a7bf6f20cc5eea7 43babaf4de1de33da55279bda0bb6f4277604279b909e4fd329634617f88aed0 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js	ScriptElement	14 kB	2023-03-08	2025-06-29
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:39 Last Seen2025-06-29 13:59 Times Seen52 Hash 0e78b1db7d662e95ae8c3506146b080a 9f1675c87a306e4dd45f84d0b7ac484ae506245e 6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-07-02
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 216.58.211.2 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-07-02 02:01 Times Seen28171 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js	ScriptElement	14 kB	2023-05-09	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-07-02 01:59 Times Seen135008 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115	ScriptElement	880 B	2023-03-07	2025-07-01
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25 Last Seen2025-07-01 13:14 Times Seen115 Hash 88744222f59f4700c6bc9212e12a653c df0bf43d60bed605eabbcb2776e0fbb46f1d1c05 4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js	ScriptElement	124 kB	2023-03-07	2025-07-01
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57 Last Seen2025-07-01 14:54 Times Seen75 Hash 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0	ScriptElement	8.0 kB	2023-03-29	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:25 Last Seen2024-08-21 08:58 Times Seen45 Hash e65cb4d4cd399c1b09798edfcea1b41e 49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2 d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0	ScriptElement	3.9 kB	2023-03-29	2025-01-30
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:02 Last Seen2025-01-30 22:02 Times Seen58 Hash 87015559c535c9314bb1a8d6ed05597e b9e3b22a2bd7457d044551d5126a29bae25489a9 e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e Loading...

	c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js	ScriptElement	9.4 kB	2023-08-08	2025-07-02
Pretty URL c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-07-02 01:23 Times Seen14148 Hash c2c4e2a562e06e1cb22293a5b920aca6 a7b5a369ac4883f1ee7fa701b238d20238b675ca 698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188	ScriptElement	701 B	2023-05-10	2025-07-01
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 12:45 Last Seen2025-07-01 18:05 Times Seen3123 Hash 328b8123661abdd5f4a0c695e7aa9dcc 4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0 27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2 Loading...

	unknown	ScriptElement	244 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 7012fa7e75fe28fcc9b228ded4368035 0c4396a77c2dc7dc4670959a22acc0471e9470ed ef978a913f89521ab697a42f15c43eaa7ca59835ac778d9e08752055abc77395 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash e86b1520f7598237e448bc6d8d83a1c6 e42db4434016f58b4253ccde3cc307d949bad693 4f5bd929e879e885805132ff458723d1f141dd146f1d83b59ee8119b556e6c6e Loading...

	unknown	ScriptElement	145 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen22 Hash a23ba5b3c2d71c61ef5b40a4b5d84a17 8732a5e5f3d3bd88ddedb1cd24c2d17363e019d0 c2ec440a15201b83bbb8914f9e52de7f4455e44a992f6ab761b5bd62f3a1045b Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-07-02
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.67.196.166 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-02 02:01 Times Seen5234946 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-02
Pretty URL www.google-analytics.com/analytics.js IP 64.233.161.113 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 02:01 Times Seen382928 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	ScriptElement	70 B	2023-03-08	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05 Last Seen2024-08-21 08:58 Times Seen63 Hash dab1184244d47ac25667c940eff90dfc 6cd473b92e1956bd305f0056a46f18b6a4dfd80f 071ab71aea40b26ed6bb74deeb4fb203bd381f3e418588089f4a46d36b3daa07 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31	ScriptElement	110 B	2023-03-08	2024-10-12
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-12 13:50 Times Seen32 Hash b7d8aab20ec0137a23e4ff03411bd06c bd7e901bbf5968d13abb3dee762244715541bdfe 651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 104.21.234.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2	ScriptElement	68 kB	2023-03-13	2025-07-01
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:31 Last Seen2025-07-01 23:29 Times Seen278 Hash 51480f0afb0a30743ae59a3455633c75 2b46f094cb87015fa342da2bf1767413ec5c92b5 108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js	ScriptElement	2.8 kB	2023-06-26	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 20:11 Last Seen2024-08-21 05:56 Times Seen8 Hash 351390b839bf683126e78afb44004636 5631ca683d75c60eb3dba2bed734716accbe5426 f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0 Loading...

	www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c	ScriptElement	227 kB	2023-10-15	2023-10-15
Pretty URL www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2023-10-15 00:59 Times Seen1 Hash 7d0614863b8d50b7f86f3f6870159f2b f133f9b814e40a2f4f3e93e8e51fb9457c191abc 4d15bd04f337f723d12a5000f3a3ccdad8d9986089c7a20eab6d32580d75efd9 Loading...

	definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js	ScriptElement	30 kB	2023-10-15	2023-10-15
Pretty URL definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 00:59 Last Seen2023-10-15 00:59 Times Seen1 Hash 933e24644fe6d434048c2e4172d045b6 05a1e96a0caaeccbb888378ca989c3ba43fc319a e20624a1a9ecd3eec6ae77fb643d30449721e290651f489deab30918947dab8d Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2	ScriptElement	4.6 kB	2023-03-07	2025-06-29
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-06-29 04:56 Times Seen317 Hash 3940eede2b6841663dddd9e946dec11e ccb59e18338a06a5f0168be0bd1677710f6d7bd4 b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2	ScriptElement	7.9 kB	2023-03-07	2025-07-02
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-07-02 01:40 Times Seen5941 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

		Size	First Seen	Last Seen
	#1 Eval - 17e23fb55f36c8c95e58e35b9010aed7	2.1 kB	2024-08-21 04:41	2024-08-21 04:41
Pretty Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash 17e23fb55f36c8c95e58e35b9010aed7 02f479b31b43374ff7185e4e332c8eea5acb0a0c 4eef9e5a8fbe2a94e29f9f0be8a85b2b9f5ce1f9e122f5c0dcf3d07c5b968e1a Loading...

	#2 Eval - aefdcff39cc3022e2a53a41f2fad5712	6.3 kB	2024-08-21 04:41	2024-08-21 04:41
Pretty Observations First Seen2024-08-21 04:41 Last Seen2024-08-21 04:41 Times Seen1 Hash aefdcff39cc3022e2a53a41f2fad5712 4b64da72af2306df83f263fd299f30ef0846abe7 ab2017eef56bba69f2be60f95013b826534f2e68fba3547f45fe7b725885ff7c Loading...

HTTP Transactions (89)

URL IP Response Size

GET nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

188.114.97.1

200 OK

16 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 10108
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sRFiBBmhYfOZoo1ZQhopqr2hcA%2BiMKLvr01WrDWbBv9eOFKKjqNN6QMa%2FAsm9ejLZnjPT1lEh8W9C3dH%2B8AwupAEcd1Ly6lJYSTJ%2Frz49Aihj%2FQJ30KYpSGU1mc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636ef9c802b4fa-OSL
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png

188.114.97.1

200 OK

95 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:12 GMT
cf-cache-status: HIT
age: 9614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2FonDmEiN5S23%2F3ffaqk5fkAvTf6luqj2uGi8dxTzK3gYfwCdJcI85nVTdWa8qN8lx3iT34xICXyFRGOnF6kgLxejcIG73EPS5GRufG9QzNGO94RcJXvAA3Oi3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efa0863b4fa-OSL
alt-svc: h3=":443"; ma=86400

GET i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1

192.0.77.2

200 OK

44 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (44016 bytes)
Hash
75c6cf85f705a0e0864e59824ab2c735
cab75b114fd4bfefe79a88008824f651801bd557
8e2a80cbd5c939e48360b46716bf1cd7598ad513f525a34ae9b2a3f549c0d18e

HTTP Headers

GET /images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 44016
last-modified: Mon, 02 Oct 2023 12:52:59 GMT
expires: Thu, 02 Oct 2025 00:52:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "88dd70ee97fb240b"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1

192.0.77.2

200 OK

42 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (42380 bytes)
Hash
d4928f7b25fded3f8d8a950e9d163f32
d3c246313c0b85eb96b9bea998baeb1c8da5a7c5
6590cb89e20fcfe488bf87db73a0a86d040513f68b0711e6456c0a0da091bce4

HTTP Headers

GET /images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 42380
last-modified: Tue, 10 Oct 2023 09:05:01 GMT
expires: Thu, 09 Oct 2025 21:05:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "1f81867bb8a4a38b"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2836 bytes)
Hash
948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c6586490ae5e9261b5c987e8e1dafb4d
6d58c98401fc33ed35507a807b424a38b66e3989
0955de17ff7d32a2ff91d0ebd1fceb8784f371ff5db206bc80b87ea50ffe3f21

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 22:59:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1

192.0.77.2

200 OK

32 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31608 bytes)
Hash
3dde27351094fd110611b7099df7612d
1f8633afc647ab96114d9cd7b87b2e1bd9d73fae
f7118208621987432e4309b2429b3ca26191166ec2b5b4dfab15204958f9de33

HTTP Headers

GET /images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 31608
last-modified: Sat, 25 Mar 2023 13:28:37 GMT
expires: Tue, 25 Mar 2025 01:28:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5948b74d64865dea"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c6586490ae5e9261b5c987e8e1dafb4d
6d58c98401fc33ed35507a807b424a38b66e3989
0955de17ff7d32a2ff91d0ebd1fceb8784f371ff5db206bc80b87ea50ffe3f21

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 22:59:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31

188.114.97.1

200 OK

23 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
23 B (23 bytes)
Hash
e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 10108
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FY%2Bq3QoZrBGjJWepjXyrvQCgIhxQcG3Obt7ba%2B%2Bi%2BUlk4NsZA%2B3pdXl2wNAWWeI8rq4djIm4uFVMYviBkxwsA%2FNse0%2FB6wWPiLfLadLUPFi%2Bv5qJXo5z%2BfAUHI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efcba6eb4fa-OSL
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2

142.250.74.106

200 OK

739 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint73:C0:B4:AB:41:0A:6A:68:D4:AE:EE:E2:11:A4:38:23:EF:D2:86:B7
ValidityMon, 18 Sep 2023 08:25:07 GMT - Mon, 11 Dec 2023 08:25:06 GMT

File type
gzip compressed data, max compression\012- data
Size
739 B (739 bytes)
Hash
fac28ca87d50b82fb0b7412ecbea1441
b59325228602a61931ec41c6248b549dc1a14c12
29078b038ad8130d1b252761d2437b91e9a57a8f96dd1d79628ca1962dc185d9

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 14 Oct 2023 22:59:34 GMT
date: Sat, 14 Oct 2023 22:59:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

188.114.97.1

200 OK

3.9 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
gzip compressed data, from Unix\012- data
Size
3.9 kB (3907 bytes)
Hash
b9dac5fe9b6bb7aa7bec0232e6d1f39f
2f42229e594dda8ef42fe66c23e39fd0678b3ec4
88e3466ecaf8eedffd0e3c77614856f3400af1a82615e02a7b862a1e67fe86e3

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
last-modified: Mon, 09 Oct 2023 07:45:52 GMT
etag: W/"6523afb0-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ILRh9gT1WEEEVivsBpfpRvlL9BhH%2F9%2BDorWqfFlY03z1SRVMx212A%2FItqEejPZo7O%2BZDU0oQhT60xiNGmZ5plggRZnRfkQStwQ4xvASGfsjJ8vRTqVB6dxPk6OI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efa0864b4fa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 16 Oct 2023 22:59:34 GMT
cache-control: max-age=172800, public
content-encoding: gzip

GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-c4e"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3839604
expires: Thu, 03 Oct 2024 22:59:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FkpaAYHEekd4LhPNTNhEqiJHKfqEPEPBJcTQbFIdAqmwMJ0qHFqWHjP1qnLN%2FSO6AmrvTMs2aOAFEIB2B52XOQBvaBAp06FeqDesoplq3%2FBglUz6UEtkEBlEsH5jY3ldhNOYKqXn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81636efd2f84b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css

188.114.97.1

200 OK

31 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (34393)
Size
31 kB (30715 bytes)
Hash
d7b3559e5a5b93a95b6de98541911a3c
fc4bbbe7374a33a2af492895014b8a73db4c81f0
414c7164bb91e068a1b3dd4f7465890fbe58a85895654f7212386cf36f54056d

HTTP Headers

GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4MR4KhJWOD%2FWctZ%2FxC%2B8dNw7ffgcPeyqbzYUYFz5CVlJgkgCeTXM7YxxlIrZ4yqOAzPqTrKpAq2RgfvwyM4w0qqBFylLQBv4U%2BaID19mpwjpG6A64TzFViSg%2Fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636ef9afebb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2

104.17.24.14

200 OK

677 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 111307
expires: Thu, 03 Oct 2024 22:59:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3%2Bf%2FrDKR8LkGz%2FZaB13XX%2B%2Fn8ZDtStDzk7mZ3Fpa2vSa9mQtUJNtNw07fprGRp6EMjm3kUN3HojzgTHtwAJd047X5mNPDKdfYF5DWhY0XRtn56G2ZU9AzKxEaIqSAAS9RS2eAd0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81636efd4f92b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

188.114.97.1

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 9582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1iZYKp%2BmD%2F5e2TOccybZM2Q3f0FN8Z6zGBbprB9IccIs%2BvT9Yo1wY%2BJp%2FyKdBqIOMGWZsAB6hrddOu80o%2BC3sSxAsLndELMPlU5tBN%2BkD%2Fzq69fcBJrSXM7Cs5U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efd9b1bb4fa-OSL
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

30 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
30 kB (30212 bytes)
Hash
ff04dd1ef5c67998d8652330c0441689
5e6ff5bd5240181a8bdea983837f39ac231dac4d
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

HTTP Headers

GET /c/6.3.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 May 2023 11:33:35 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

12 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13479)
Size
12 kB (12391 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /c/6.3.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-262573192-2

142.250.74.168

200 OK

68 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT

File type
ASCII text, with very long lines (4179)
Size
68 kB (68140 bytes)
Hash
f857e50bb34a2a25112f214bd2a9cb60
8eab946abce84c1d5aebd62424c96b7b36e357f3
70d401f1b3ca53daffccd34ed252c71b2a6218ed1182fd09fc11381625a17c68

HTTP Headers

GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 22:59:34 GMT
expires: Sat, 14 Oct 2023 22:59:34 GMT
cache-control: private, max-age=900
last-modified: Sat, 14 Oct 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68140
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b383875d47cf3281cf9553fbc71410ac
6275628318e097e7cd3a45aefbf544e3a9bac6eb
b599aba77b5fbc4ad65fcce338306120730c4a4b5e6d358642f0045fc82a51f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 22:59:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1

192.0.77.2

200 OK

2.6 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2568 bytes)
Hash
513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

374 B

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
374 B (374 bytes)
Hash
43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET www.google-analytics.com/analytics.js

64.233.161.113

200 OK

21 kB

URL GET HTTP/2
www.google-analytics.com/analytics.js
IP
64.233.161.113:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT

File type
ASCII text, with very long lines (2343)
Size
21 kB (20994 bytes)
Hash
575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Sat, 14 Oct 2023 21:08:04 GMT
expires: Sat, 14 Oct 2023 23:08:04 GMT
cache-control: public, max-age=7200
age: 6691
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c

142.250.74.168

200 OK

80 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT

File type
ASCII text, with very long lines (5788)
Size
80 kB (80356 bytes)
Hash
7d0614863b8d50b7f86f3f6870159f2b
f133f9b814e40a2f4f3e93e8e51fb9457c191abc
4d15bd04f337f723d12a5000f3a3ccdad8d9986089c7a20eab6d32580d75efd9

HTTP Headers

GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 22:59:35 GMT
expires: Sat, 14 Oct 2023 22:59:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80356
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c

142.250.74.168

200 OK

76 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT

File type
ASCII text, with very long lines (4179)
Size
76 kB (76495 bytes)
Hash
a4cc62d82c9898e21e51febbb64af4f1
a9174a05ab2a6e94e94ad62f2c7f9186d8656c1d
d8ad7aff271a2a8195032fe31289808c48b8b6af65830e6d934a0accb9d4fe93

HTTP Headers

GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 22:59:35 GMT
expires: Sat, 14 Oct 2023 22:59:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76495
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0

188.114.97.1

200 OK

1.5 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
1.5 kB (1543 bytes)
Hash
87015559c535c9314bb1a8d6ed05597e
b9e3b22a2bd7457d044551d5126a29bae25489a9
e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUH%2FY16tBHTx7NHohDe%2Bzmv2mNBgbVAc4JWNkWLoQl0JoLG90s1KZxBPTBCLefq5K85k8nHibBCHpykJTaRMFnvN6gO1KZTo5IF9XGzgXNCE8RyHC80eylWrV4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcca7ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

192.243.61.227

200 OK

11 kB

URL GET HTTP/1.1
definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
FingerprintFE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC
ValidityTue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT

File type
exported SGML document, ASCII text, with very long lines (29697), with no line terminators
Size
11 kB (10972 bytes)
Hash
933e24644fe6d434048c2e4172d045b6
05a1e96a0caaeccbb888378ca989c3ba43fc319a
e20624a1a9ecd3eec6ae77fb643d30449721e290651f489deab30918947dab8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 22:59:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 082a7636634857ff466e90217611ced8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

108.157.228.227

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
108.157.228.227:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
02ca498b6476542955589c29c454c015
7985e28cc1f0596e950d94f57df660d1daee8769
97b3a1f34faf3f970492879972097fadead266c7abfae65b68b4e5ee6429876a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 14 Oct 2023 22:59:36 GMT
Last-Modified: Sat, 14 Oct 2023 21:41:13 GMT
Server: ECAcc (ska/F69C)
X-Cache: Miss from cloudfront
Via: 1.1 d913eed4ff9d3ba68bce11280aa7e1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: wXWxbajXFlnlRPqw9ARuHNNgWpH7sXrcEaaaL6GHYjH-tKXCc-XQ3Q==
Age: 4704

GET nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115

188.114.97.1

200 OK

479 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
479 B (479 bytes)
Hash
88744222f59f4700c6bc9212e12a653c
df0bf43d60bed605eabbcb2776e0fbb46f1d1c05
4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073

HTTP Headers

GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PlntxrfA5XOC2%2F1HN2uJkHML01CYTs%2BlFJmuIPPx1e4Ei8Zc%2B6QGOt81XIy9ESCA0meepuPo1i%2F4UIuBDc1A4U%2B1WICydDQghrlziSvcefYyX9c9JpjrL3WXvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea92b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET professionalswebcheck.com/stats

3.73.202.184

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
3.73.202.184:443
ASN
#16509 AMAZON-02

Requested by
https://nsw2u.com/
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2dd4dfa14d8dcf0d89c8615264c5a4ab
a9440e9da8361380d5452760d6c7117560c46bfd
65c42e3d139c510e889ca8565a01c94c07e5ee388ba4b4c127dd498e12d304cb

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5595b258-07ec-439d-bbd1-7fea07f58238:3:1; expires=Tue, 11 Oct 2033 22:59:36 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

2.5 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
2.5 kB (2498 bytes)
Hash
ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

HTTP Headers

GET /c/6.3.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d008a14974101e1d82c1911a1197973
3264efa3ffba2e687328b8e6f2940921c5fb5944
4445108bc2c18d5fb71890e419bc2d157b1f505e6bb9b29a608c028485aedbeb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 22:59:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.211.2

200 OK

51 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.211.2:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint70:7D:E3:74:3D:B2:68:A6:79:15:85:2C:E6:A4:E9:90:4F:74:46:F1
ValidityMon, 18 Sep 2023 08:19:20 GMT - Mon, 11 Dec 2023 08:19:19 GMT

File type
ASCII text, with very long lines (3968)
Size
51 kB (51178 bytes)
Hash
678e39a47f887be43bd87b8543ef5302
4aced5bce7fb5eafad77ffa76c20d8e74e5ace41
849837509debd71c4f5e88f5dfdf3b4a0c7ba237dfbf3d29292665c2f9a7d404

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 14 Oct 2023 22:59:36 GMT
expires: Sat, 14 Oct 2023 22:59:36 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6821326382936011859
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51178
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET itespurrom.com/tag.min.js

139.45.197.243

200 OK

25 kB

URL GET HTTP/2
itespurrom.com/tag.min.js
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectitespurrom.com
Fingerprint5D:66:B9:C1:ED:43:A1:06:F2:CC:D6:05:58:38:E8:85:78:9F:83:BE
ValiditySat, 07 Oct 2023 07:19:17 GMT - Fri, 05 Jan 2024 07:19:16 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
25 kB (25432 bytes)
Hash
a95c344616a01fcb847758f5eab31207
274f322059eb248f3518f7c78b2fc69faae0551c
72e9c7cfe696a88de9acd9d80da1b2c4c3441c2ff2c0cf5c57a07aa153d91f13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: itespurrom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: text/javascript; charset=utf-8
content-length: 25432
content-encoding: br
x-trace-id: 5d34ae9b3c16fd9a735b4a0bb598d985
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 13 Oct 2023 23:17:20 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d008a14974101e1d82c1911a1197973
3264efa3ffba2e687328b8e6f2940921c5fb5944
4445108bc2c18d5fb71890e419bc2d157b1f505e6bb9b29a608c028485aedbeb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 22:59:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206

188.114.97.1

200 OK

800 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
800 B (800 bytes)
Hash
c3a5b08af3e63049707797efe65eab86
f66ed251ef8c24614ff24376d472f2f394f7b93f
d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500

HTTP Headers

GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFN3WLnfcaYnG5JKhbeT5fPks%2Ft2azyioI9om592oFS5EDTr4X1QEEVNBxLMHneoeKilXmtLYlpNX2hdcoQpQwDHyPVOtXAba5UgzoTPM1CovtD8Xo6MH%2FZQBU0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea93b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET rabblespidersrenaissance.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js

192.243.61.225

200 OK

18 kB

URL GET HTTP/1.1
rabblespidersrenaissance.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectrabblespidersrenaissance.com
Fingerprint73:4E:26:17:C1:CF:AC:01:11:05:12:E6:14:6C:C3:91:DE:DB:06:DE
ValidityWed, 27 Sep 2023 00:59:44 GMT - Tue, 26 Dec 2023 00:59:43 GMT

File type
ASCII text, with very long lines (43160), with no line terminators
Size
18 kB (17609 bytes)
Hash
a4ebc7499985f89f51514a7941d42755
426e11fb788360274437a6b38ddca17df4441172
846d2558831aeb877a06583d06f74a74f5366c810da2739e69ea92df020c0e43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: rabblespidersrenaissance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 22:59:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b4aa23aa3133a4c87563ba85fd70a00
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg

62.173.140.199

200 OK

71 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1697025199/2d40d0fc/39033877.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
71 kB (70673 bytes)
Hash
c9578ce1b30a7957a4f58916181545c1
5edd16bdbdd4c4caacd7ba9408b15b01bbb765fe
881c108606af7bdf549477962370e9b2e17f1473a875354f37a09c634e34d492

HTTP Headers

GET /ii/1697025199/2d40d0fc/39033877.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:36 GMT
Content-Type: image/jpeg
Content-Length: 70673
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 11 Oct 2023 11:53:19 GMT
ETag: "65268caf-11411"
Expires: Mon, 13 Nov 2023 22:59:36 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

173.233.137.36

307 Temporary Redirect

0 B

URL GET HTTP/1.1
rabblespidersrenaissance.com/watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectrabblespidersrenaissance.com
Fingerprint73:4E:26:17:C1:CF:AC:01:11:05:12:E6:14:6C:C3:91:DE:DB:06:DE
ValidityWed, 27 Sep 2023 00:59:44 GMT - Tue, 26 Dec 2023 00:59:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1 HTTP/1.1
Host: rabblespidersrenaissance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 22:59:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://rabblespidersrenaissance.com/watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1&shu=ac6ddf1f014350d045d96ab2ea05ae8a80831f8619fe0d74888fd84ca8d8167e9a966c3f00e3b21f516203d76a08e9611da09dc8852a15d172f82be64da4e64cb6b7641bf51e5385c736a6e21495375f7da945ddc08ebe9d7e73a7421086&pst=1697324436&rmtc=t
Set-Cookie: u_pl=19067264; expires=Sun, 15 Oct 2023 22:59:36 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vIn19.whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4; expires=Sat, 14 Oct 2023 23:00:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28354406c9d75af61d8bbad66bccabd6
Strict-Transport-Security: max-age=0; includeSubdomains

GET images.vfl.ru/ii/1696713535/648489ee/39029634.jpg

62.173.140.199

200 OK

31 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696713535/648489ee/39029634.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 412x667, components 3\012- data
Size
31 kB (31191 bytes)
Hash
a415bdab5e6150241178552746fe5d71
3cb9afec132f0cf1a88e83abc0b77614ee20f5b6
8155cd0c598eeeb3df53fc23087d819333a91d25521f7f8401241b279e13bf35

HTTP Headers

GET /ii/1696713535/648489ee/39029634.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 31191
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 07 Oct 2023 21:18:55 GMT
ETag: "6521cb3f-79d7"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET my.rtmark.net/gid.js?userId=a53fc37264d74665b3856b33232234c6

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=a53fc37264d74665b3856b33232234c6
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
4185597917c681706802b8a43b8ee2c6
c856d5a1dccc5d1b2d7268a73f61446486681820
6ff760df8872ce038a79b2dcea109abc0e77f696bad670a3aa03f61106d46d1d

HTTP Headers

GET /gid.js?userId=a53fc37264d74665b3856b33232234c6 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a53fc37264d74665b3856b33232234c6; expires=Sun, 13 Oct 2024 22:59:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg

62.173.140.199

200 OK

46 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
46 kB (45689 bytes)
Hash
d54f3e961e843224381b52420787300b
b24ff4dd6ff0b3c210ac80ccec30d1612bfb2c70
230c8719f7ff0cd67d89b8c5052dcc864b6c7ebbb62bf2ec21228af727652049

HTTP Headers

GET /ii/1696499345/2d834ce4/39025715.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:36 GMT
Content-Type: image/jpeg
Content-Length: 45689
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 05 Oct 2023 09:49:05 GMT
ETag: "651e8691-b279"
Expires: Mon, 13 Nov 2023 22:59:36 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET images.vfl.ru/ii/1696606849/450212ed/39028293.jpg

62.173.140.199

200 OK

86 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696606849/450212ed/39028293.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Size
86 kB (85525 bytes)
Hash
f31e59ed8b4014e8c240b752b138ca58
92fe10034473f9c1939631c2c50642bfa521bf0f
2e559285efef0bb13f7cb134710ea244f456a76074859562fff2cd86952aed87

HTTP Headers

GET /ii/1696606849/450212ed/39028293.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 85525
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Fri, 06 Oct 2023 15:40:49 GMT
ETag: "65202a81-14e15"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg

62.173.140.199

200 OK

67 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1692466089/24d36bc8/38995517.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
67 kB (66636 bytes)
Hash
81eb51e7c3a0df2a962b5b00d61669ff
42c531b818a0bc7e01c602c8668f21065d8cd67d
9ee994cfc66772056b1ae42f4012412d4a9f49fc8250c2c22153e54caed7b965

HTTP Headers

GET /ii/1692466089/24d36bc8/38995517.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 66636
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:28:09 GMT
ETag: "64e0fba9-1044c"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET images.vfl.ru/ii/1696380530/d1e56cf6/39023796.jpg

62.173.140.199

200 OK

54 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696380530/d1e56cf6/39023796.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
54 kB (54351 bytes)
Hash
8fb21aff3c5603164134463b537c2f06
db677f758830d5083c36c8cb55bada22376c5b03
6cd036c8cc0d0b0bc4c32b26f0e630234780d45f573d465103ca04f6c25a93e8

HTTP Headers

GET /ii/1696380530/d1e56cf6/39023796.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 54351
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 04 Oct 2023 00:48:50 GMT
ETag: "651cb672-d44f"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg

62.173.140.199

200 OK

62 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
62 kB (61571 bytes)
Hash
f5ca0775d6b4c6d61ccb84d080eab5b3
71044f9bb69af45e4f171cf7e7c0ff3c9bcdfb1f
a968f61a9dcb9774217eee6c6298381b912ef95f00d273c551485c5d73930696

HTTP Headers

GET /ii/1692466506/8e093ade/38995519.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 61571
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:35:06 GMT
ETag: "64e0fd4a-f083"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET images.vfl.ru/ii/1696413057/d6012654/39024631.jpg

62.173.140.199

200 OK

71 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696413057/d6012654/39024631.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
71 kB (71099 bytes)
Hash
33f03174acbe027a947bea29f4bd9a9c
d9ac82e4b1aa6e9d23ab6cf376cdb2e77ea8bbe9
7c83cabdcce42904e30b4444eb9995271eebdaab4399caf7d81d14b6d434b88e

HTTP Headers

GET /ii/1696413057/d6012654/39024631.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 71099
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 04 Oct 2023 09:50:57 GMT
ETag: "651d3581-115bb"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET images.vfl.ru/ii/1696002141/146fe0ac/39018698.jpg

62.173.140.199

200 OK

72 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1696002141/146fe0ac/39018698.jpg
IP
62.173.140.199:443
ASN
#34300 Internet-Cosmos LLC

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Size
72 kB (72238 bytes)
Hash
c460612c4d4cb7eb70853eebce076baf
3d6be3f9f61590ecaac2ab42fb08786fc0888d39
2448139dc41930859e47eac8e14abb85784ec5577b7ace629055103102371af3

HTTP Headers

GET /ii/1696002141/146fe0ac/39018698.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: image/jpeg
Content-Length: 72238
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Fri, 29 Sep 2023 15:42:21 GMT
ETag: "6516f05d-11a2e"
Expires: Mon, 13 Nov 2023 22:59:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GET rabblespidersrenaissance.com/watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1&shu=ac6ddf1f014350d045d96ab2ea05ae8a80831f8619fe0d74888fd84ca8d8167e9a966c3f00e3b21f516203d76a08e9611da09dc8852a15d172f82be64da4e64cb6b7641bf51e5385c736a6e21495375f7da945ddc08ebe9d7e73a7421086&pst=1697324436&rmtc=t

192.243.61.225

200 OK

2.1 kB

URL GET HTTP/1.1
rabblespidersrenaissance.com/watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1&shu=ac6ddf1f014350d045d96ab2ea05ae8a80831f8619fe0d74888fd84ca8d8167e9a966c3f00e3b21f516203d76a08e9611da09dc8852a15d172f82be64da4e64cb6b7641bf51e5385c736a6e21495375f7da945ddc08ebe9d7e73a7421086&pst=1697324436&rmtc=t
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectrabblespidersrenaissance.com
Fingerprint73:4E:26:17:C1:CF:AC:01:11:05:12:E6:14:6C:C3:91:DE:DB:06:DE
ValidityWed, 27 Sep 2023 00:59:44 GMT - Tue, 26 Dec 2023 00:59:43 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2648)
Size
2.1 kB (2101 bytes)
Hash
fafdbcab2e841e3d69d7e9c3c405e448
07d1afb007a773dce187343699668377330cd1b1
d0eda76105203b6d866ad156af1d12a6c00b892d065408669cdda0e1b6bb775a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1155184760552.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2F&tz=0&dev=e&res=14.2079&uuid=5595b258-07ec-439d-bbd1-7fea07f58238%3A3%3A1&shu=ac6ddf1f014350d045d96ab2ea05ae8a80831f8619fe0d74888fd84ca8d8167e9a966c3f00e3b21f516203d76a08e9611da09dc8852a15d172f82be64da4e64cb6b7641bf51e5385c736a6e21495375f7da945ddc08ebe9d7e73a7421086&pst=1697324436&rmtc=t HTTP/1.1
Host: rabblespidersrenaissance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vIn19.whvp_sQpIdUSm4SK7_ZQxkz-uJBivC_dFSr-vXd5VZ4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5595b258-07ec-439d-bbd1-7fea07f58238:3:1; expires=Sat, 21 Oct 2023 22:59:37 GMT; secure; SameSite=None
iprc43849944d24ebb057e4e7a7d8065a15f=3570421; expires=Sun, 15 Oct 2023 02:59:37 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 15 Oct 2023 22:59:37 GMT; secure; SameSite=None
uncs=1; expires=Sun, 15 Oct 2023 22:59:37 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 15 Oct 2023 22:59:37 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 15 Oct 2023 22:59:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3c2a155692f438a19eec62a5f7a09fb1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET banquetunarmedgrater.com/advertisers.js

172.67.196.166

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.67.196.166:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 376238843fcbe525af67dc483cfc4476
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 14 Oct 2023 22:59:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPsPucHfMjQaGz%2BfSKf2zWkSjQGctqJTI1HquOYIgKerAcRwYcZkTvJ6pcgmMTZZURrj16QBZylZ18vF77CtC3CpIOKDtPvpQmarUA7gctg7KyAwTQsIVIcHeaTZAIlywh0s7SKG%2BagMGo4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636f0d2fcd56b1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js

188.114.97.1

200 OK

4.5 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text
Size
4.5 kB (4487 bytes)
Hash
0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MRUcZN%2BuWy4EG4vVLwUEUpSgv0VQ55LYMqAXwnAsDUWdKW5J90zcwrowtgQZwoOIgE7ynQGWpKiFteGdUcvV550DTTIkuBD6E3zLH57iiC2xqySWMBwDsJDQ9%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea8db4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Mon, 16 Oct 2023 22:59:37 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET friendshipmale.com/sfp.js

104.21.234.33

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
104.21.234.33:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85471 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 5633dd0ac2d2e8cf0e5c0e0d5df76d7f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 14 Oct 2023 22:59:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U8jF%2FLjwIOFvvp4nNdh0LOXVqksU7mU83JpwcKTQw6F2g7gl1ocFCO6Ur5C81swNalUlkgLxjf4lWI2m7j5eRSUBMf20xjZneR66asx7zBKhaYySjjHqCn3%2B6J7QQE%2FRWe28vNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636f0c6ac16359-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET c0.wp.com/p/jetpack/12.7/css/jetpack.css

192.0.77.37

200 OK

101 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.7/css/jetpack.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
101 kB (100602 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/jetpack/12.7/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 10 Oct 2023 19:16:20 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET stats.wp.com/w.js?ver=202341

192.0.76.3

200 OK

11 kB

URL GET HTTP/2
stats.wp.com/w.js?ver=202341
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (10778), with no line terminators
Size
11 kB (10778 bytes)
Hash
f6c87bc49e7646c7ccda489b9defc829
9003fc52b4c4014b4bd9fe2f4506440b299478b2
e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860

HTTP Headers

GET /w.js?ver=202341 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/10813-1684461103132.7104
content-encoding: br
expires: Mon, 07 Oct 2024 13:30:34 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js

188.114.97.1

200 OK

124 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (32024)
Size
124 kB (123510 bytes)
Hash
7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBDSUsURiwACu4F%2FeeII5tnfrddiSsupiQukl3ybJiGJWOWNW4RDjQ5EKm3L2uuyxuarfbSkpebIiiIVM5XwSmIFiKPIfAQaewXsOe31TIkVwOyvd8djyGc0RGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcda86b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js

192.0.77.37

200 OK

9.1 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/url.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (10357), with no line terminators
Size
9.1 kB (9079 bytes)
Hash
93d89333b0ea716b0dded414b6fd690e
bea26f3b7bf556a03bf81259459154e5728de2cb
acab68f8aa0636ce9058f6bf3d72d59dede88fb7111dd75532dcbd572ecb8722

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css

192.0.77.37

200 OK

104 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/css/dist/block-library/style.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
104 kB (104484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/6.3.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0

188.114.97.1

200 OK

8.0 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (8246), with no line terminators
Size
8.0 kB (8005 bytes)
Hash
95e8541b1c7d8d1c6d971b8a1254f05e
a0a315f535cefee969c8f938ae9133beb051b51d
94d90d0cae68aae94246413284189ad0fd41bca226dcfc1d3394f25087df2ede

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcthfPfLMu1mWxBnNUX2uzYgSMw8VC3%2FmvUxugF2s5b6MDI4FDZvFmsrEeKpTUvsg3E0Tj%2FY0uhS9pD5edj1hgDpU%2F8BCscm2TlkcYC0NxCRe5WaXVkbhkSYy4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea97b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2

188.114.97.1

200 OK

68 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
68 kB (67604 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bi%2Bz6Y%2Be3Vicg%2Foc5QOytyauFji%2BUvV9tcRbbjAtHzN9JGA6M0Yv%2FqYBHFuh%2FF%2BHBQUPpuVqZZdeHTfBUD%2BrN3ZxXEIM%2FM6nDq4c3DzAFtinabRfiNQS2KbQfyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea96b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js

192.0.77.37

200 OK

9.4 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/i18n.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (9729), with no line terminators
Size
9.4 kB (9445 bytes)
Hash
3597d2da73a2e3de74981fcc5ecbfce4
94f7e899ca4635c129e8285579b3f0e38cf19730
080a50955b97dc50d39c296cc22e8d02f07a3cfcc58d3127d93466e281514637

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/

188.114.97.1

200 OK

333 kB

URL User Request GET HTTP/2
nsw2u.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
333 kB (333368 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:33 GMT
content-type: text/html
last-modified: Sat, 14 Oct 2023 20:07:00 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ghg6%2BYvEydpTCpA9U0xJE5OSad37bh2u7dUyiYXWIkMCTBC0rIW9piVFiEypOqQjq8KQbkMgqm3D%2F5AbxCn3uxnyNgWNFqdWFSZppJyXJkyO9sZcxsNcuni3oEI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636ef57a9db509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31

188.114.97.1

200 OK

22 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 10108
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vd1xe%2FDnNBKhKmPs99RPwhvl2Hb9X6EUocG%2BK7SgkvEUNsKDjEYwMxiNoyRnUIZHMEds%2B5W1jMmw1m%2FFW1ZPBoJiBPU8%2FOT0Pw%2F1y5c1Ky7vmAeamamZdliniOw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efcba74b4fa-OSL
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2

188.114.97.1

200 OK

4.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (4857), with no line terminators
Size
4.6 kB (4591 bytes)
Hash
3c05b4818fda400788cc5c2f60d87ea4
01e544e8461be8bb14a13fb8be13cc1e8259858e
db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZpXwgT0nuGah0hbQ5PljCTxyzFdhL9F1ofY7NeJXJzt34DlXM52guJZLQz%2F9PqiK69%2BfO8jF7t82UFIQOdOBR8x9sc868STeFwPxaKhq93zRyZjNi0bl5WFxoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efcea9ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js

192.0.77.37

200 OK

16 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
16 kB (16146 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f

188.114.97.1

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
77 kB (77230 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697324376.1.0.1697324376.0.0.0; _ga=GA1.1.1560127986.1697324376; _ga_HS5Y0K7QPG=GS1.1.1697324376.1.0.1697324376.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxOGwPdqZ10McdaiBcnbNPGwtjYR5nHcGGd%2BNI2551yfzbKYABFpIh5VCZDrcc9rJo%2FJ%2FmvHeeF4o%2FKgBNXsKd%2FFfAZtt1LqVlQ%2BFWglNSyEwdSz6ccl9FM7ouA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636f099b1ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js

192.0.77.37

200 OK

4.6 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/hooks.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4704), with no line terminators
Size
4.6 kB (4627 bytes)
Hash
414c8462f6209b4905f767c8ba5c787d
a80b8b79908e6cdf11648f810e707a75c859cda3
007c3734a3f7737d74061ab5b96905dcb14ba1f88e7a6df55364b9d9573e3ce1

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js

192.0.77.37

200 OK

6.6 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (6777), with no line terminators
Size
6.6 kB (6607 bytes)
Hash
4b5583c1e3d9c4f85089eebae5b0ea63
8f1a4ba1dabf9fb35cfc2a2ebd08b93a91c0923b
4c4ee791f1baebfe9e127c3341a2eda8e6e8a5debf27d91fae8c04cd2adb1527

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

HEAD nsw2u.com/

188.114.97.1

200 OK

0 B

URL HEAD HTTP/3
nsw2u.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697324376.1.0.1697324376.0.0.0; _ga=GA1.1.1560127986.1697324376; _ga_HS5Y0K7QPG=GS1.1.1697324376.1.0.1697324376.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: text/html
last-modified: Sat, 14 Oct 2023 20:07:00 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwmIowBUB%2FVc%2B6NAoP2y95suS4Lno42DxldLKExQW58WsruEbKVfBtXXpnwZGcgiBcmmbFrmRHbMlKHl58eUH0G3WtT8F5%2BBkMUNIRoLhZuHRi7K9VNuCipvq7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636f09cb4db4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31

188.114.97.1

200 OK

21 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
169a5dd1261e0d434162d1af68acbbcd
c18d59ed069049b012a61a8e6b958bfb25bc1b71
82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:14 GMT
cf-cache-status: HIT
age: 10108
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0h%2B9ynDMEP7%2FqYehE%2Bs%2B4gTC6StTMRkB%2FzntMulNXhOk2SEZMOXUjc8PvQgcAju9UWHiRe5NoUICRNrd5DU7rLSF%2FHekq9vi0A8HIh5Zj4bDA59vX6cOCSLc9z4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efcea95b4fa-OSL
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31

188.114.97.1

200 OK

110 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with no line terminators
Size
110 B (110 bytes)
Hash
70cd599fb1a952f67216cc82829f9ada
74cfae7f053f69abf2dce9cb74c962a83b8ba8bf
1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M0l454Br4nTyLOJcR2ZxKERRaucauHiFQ951QQaHUP0X0D4hfsgcoblDx2rhn5C8NjCRW%2B%2B6Cl1w1gDHotuM4OqwuGbdvH6apebNl1ZcWXZSyTXt2aFI3GE19Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81636efcca76b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js

188.114.97.1

200 OK

6.2 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6303), with no line terminators
Size
6.2 kB (6206 bytes)
Hash
f9853427f0beb8a283ac3cdabe910ad6
8fcd5776a89dbe61bde8c23df7abd40148d0a336
1d280a7d6bcd1ea74968f32131f53c6a7b39468f6d7f9a21543fef8525b405ca

HTTP Headers

GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CI9mOQ2w4sHxN6R1yQTIH0nkC9cknEVbeS6JC1%2FLxWOaKHtnPKeLDD3oLl%2FtaNxmQSvXRcjl4QTasnk5EGyDNC13GBl9yZSdjgUXX999b%2Bm3R320iPkr2o4ND38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efd2abeb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

192.0.77.37

200 OK

8.2 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8365), with no line terminators
Size
8.2 kB (8171 bytes)
Hash
08e6714eaf3cfe8f3c7839f22d90ba4e
94fdad68854d0d3482b877aef7ba7c2eb265c621
e424039d5a737a1bda8a5ded60919e5067085729310762eebb09c20e07d249c8

HTTP Headers

GET /c/6.3.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css

188.114.97.1

200 OK

8.1 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (8145), with no line terminators
Size
8.1 kB (8143 bytes)
Hash
734068ce5268bc23a7506f3e9e9f5d41
acf53910826dc6702a5fb8f2bf6aab44b17f4886
2dd5b45b7df3d954548b70324f5730bf593bcdab6dac3632cc19ac119e8912a8

HTTP Headers

GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5nZnZIcCSseLq903GywFoZ8R5td5n79suP2SJlM%2FwgRHeWF8%2FXrHMm0qPJ7b4YgOQI3ibbiYWGeW1Uuf2lV1Ue82U7RUd7xsQHn55kIzo98X1NAX%2BREOQAvULQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636ef9c805b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2

104.17.24.14

200 OK

3.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3166), with no line terminators
Size
3.1 kB (3063 bytes)
Hash
268941a21977d78e5375571a621395be
e31219f1b0ded9a8cc5834a977297006fedd2c07
b6e184987af8853a448d3300cecb87e5c9c91adcf6af8bde29199a9d94bc3cd7

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11845989
expires: Thu, 03 Oct 2024 22:59:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kfSZsb3TWToecf2s26U1Bds4yjHf76M97%2BTuv%2BsPY262P4d2xMnqyOD8rz9GjHTQJu8hhTeekT1a3JDUict8HTaCRUAXZfyO6txs4daNnymsk%2BuO8dEbeet7ADvA98WWyC8jqp5C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81636efd3f90b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307

188.114.97.1

200 OK

7.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (7804), with no line terminators
Size
7.6 kB (7553 bytes)
Hash
9c77b566bd54b44feb40dae5abb672fd
4800962e6abb9f034197101fd654cd8f89e40e51
4fa5b8f79358bd73eafe22ac4a73531acbbed4b61f646d001d8636f27c4b2b07

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dyxeRAWGWp59trcShph4xgIx9SVt%2Be%2FqeG%2FdTj6IizrHpfgdouFGYqhKpyRW78rvvpCd9fBowakim83Hu8tLQ8ao4i8peuCG%2F4N0FSp%2Bz9S6o1KkE932ipfwFZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efd0aa1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET formationwallet.com/pixel/purst?dl=0&th=0&sc=0&rs=3512&rd=3512&fd=608&bv=23.10.v.1&tmpl=70

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
formationwallet.com/pixel/purst?dl=0&th=0&sc=0&rs=3512&rd=3512&fd=608&bv=23.10.v.1&tmpl=70
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectformationwallet.com
FingerprintFB:1B:95:13:DB:5E:B2:BD:D9:2C:E1:1E:D6:05:5D:BA:63:17:4D:14
ValiditySat, 23 Sep 2023 00:48:03 GMT - Fri, 22 Dec 2023 00:48:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3512&rd=3512&fd=608&bv=23.10.v.1&tmpl=70 HTTP/1.1
Host: formationwallet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 22:59:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705

188.114.97.1

200 OK

36 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
36 kB (36458 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697324376.1.0.1697324376.0.0.0; _ga=GA1.1.1560127986.1697324376; _ga_HS5Y0K7QPG=GS1.1.1697324376.1.0.1697324376.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5NFKMEXdrmiwEDNDFuJrbp5m29vzD3JqwSaQ3uLaKwaQHUQvB3JXo%2FW03dxQMYLhvbSkaIA23v8EaK3R08PpsN9pzIkRbJK5jLtyQMqehVkNf66Ez%2Fqjuiec6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636f09cb50b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css

188.114.97.1

200 OK

15 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (6817)
Size
15 kB (15333 bytes)
Hash
1fee9d9ba9d8cc17b88610f753052dd1
b8608a7bcb05bcca68814671bb114871f2c97f0e
f50cc3d3d3714cc7aae738eb19b41f70b1eec94c290f8985af4dcd36dcfad0dd

HTTP Headers

GET /wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9IQQQIUD2YX6Bg6983mMsDL6ZraOW1aAFghnqNCFigrnbEqbh5AWYLcdNhpVNXGhnEGL6UNu6hrGWlKiQ%2BQ5btEz%2Bw97ThsPT2l%2B2VqCPKjPMPaQR3hvkN%2FVdg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636ef9afe9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET itespurrom.com/5/3812660/?oo=1&aab=1

139.45.197.243

200 OK

2.8 kB

URL GET HTTP/2
itespurrom.com/5/3812660/?oo=1&aab=1
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectitespurrom.com
Fingerprint5D:66:B9:C1:ED:43:A1:06:F2:CC:D6:05:58:38:E8:85:78:9F:83:BE
ValiditySat, 07 Oct 2023 07:19:17 GMT - Fri, 05 Jan 2024 07:19:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2994), with no line terminators
Size
2.8 kB (2754 bytes)
Hash
f4b721f81f3a3d8a159950a3a72636e2
905c05a50cd939d8ad1147b5eb3cf67c9128c350
3b54b8a88e8d4b31a9cf6b4dd2fd755990f88d2c9f3f699a6f289176c60222d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: itespurrom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: application/json
x-trace-id: 034ba47766173e9530a7ed94a776763c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=a53fc37264d74665b3856b33232234c6; expires=Sun, 13 Oct 2024 22:59:36 GMT; path=/; secure; SameSite=None
oaidts=1697324376; expires=Sun, 13 Oct 2024 22:59:36 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

11 kB

URL GET HTTP/2
c0.wp.com/c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11256), with no line terminators
Size
11 kB (11256 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.3.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sun, 13 Oct 2024 22:59:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0

188.114.97.1

200 OK

399 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (423), with no line terminators
Size
399 B (399 bytes)
Hash
ed94fa94e236140899a07d0bb24f233d
8e7f16eda1a41233d4d0f19264382b6222959b6c
2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r2OtNJ7s4mFeBlu56jokJIPhWwnxH%2BMRBBIITsTrqSrxSHitjJI7mXo1T9Luo9uCvXqa0rWeIZPbq1dzh9eycMl%2Bi359FSdHjLHznDQsTehItNa76vKdewcE29M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636ef9c804b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188

188.114.97.1

200 OK

701 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
ASCII text, with very long lines (727), with no line terminators
Size
701 B (701 bytes)
Hash
e8b1dbb3b1a9bc1b59010bd6f7035465
c9d0ec84d9184c72ea6335c67193d25a90e003af
18c991e1cdc15a5c427215cf20569d60a7aa9bc32f1f7a2382640782a6e5bfe7

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=poBLm%2FK%2B9lTD%2FnsukX%2BPl%2BGGdWXB6dDUH%2FaUndOe%2Fhj3hw72tdpiT5tLZW9oNrIXcONOReCaSObZZ4Z73y6SxqeR84y84h8Kvk3lIyzaOCStDcYFKF1XAyEz3N8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efd2abbb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET itespurrom.com/?rb=cSXrXxPFHjJk7hcC3ol27RPq8Bli84vLwRVOlepRUHkcfyrQApHw2NNQVJvAxBaUbt1_ovO0d1k1W1ompqth7WriPwEtOl-TIaCvekEgrfO8H0Q210RWGiWpacZ-K9T1FZWeeAGGY3q6PkvJraGg3AzxKxAD7jq4HRTlkOy3Eyyb4ziyI9AG6cnFpCOHAWqRyBkXbtnUtXsY_mnWC5prbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=724062f4-4be5-42a6-9e31-7c1c2eddaa21&userId=a53fc37264d74665b3856b33232234c6&m=link

139.45.197.243

200 OK

2.3 kB

URL GET HTTP/2
itespurrom.com/?rb=cSXrXxPFHjJk7hcC3ol27RPq8Bli84vLwRVOlepRUHkcfyrQApHw2NNQVJvAxBaUbt1_ovO0d1k1W1ompqth7WriPwEtOl-TIaCvekEgrfO8H0Q210RWGiWpacZ-K9T1FZWeeAGGY3q6PkvJraGg3AzxKxAD7jq4HRTlkOy3Eyyb4ziyI9AG6cnFpCOHAWqRyBkXbtnUtXsY_mnWC5prbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=724062f4-4be5-42a6-9e31-7c1c2eddaa21&userId=a53fc37264d74665b3856b33232234c6&m=link
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectitespurrom.com
Fingerprint5D:66:B9:C1:ED:43:A1:06:F2:CC:D6:05:58:38:E8:85:78:9F:83:BE
ValiditySat, 07 Oct 2023 07:19:17 GMT - Fri, 05 Jan 2024 07:19:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2349), with no line terminators
Size
2.3 kB (2320 bytes)
Hash
d4aa6b9f017ac5d4bf92af21d1b57706
ae241f5b9327f2e0bd09c6d0795c2a4a397aeffc
5d7e4a11127e9edd16d7e668c74abf01749838ba4ab028929a84af5b177e2b72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=cSXrXxPFHjJk7hcC3ol27RPq8Bli84vLwRVOlepRUHkcfyrQApHw2NNQVJvAxBaUbt1_ovO0d1k1W1ompqth7WriPwEtOl-TIaCvekEgrfO8H0Q210RWGiWpacZ-K9T1FZWeeAGGY3q6PkvJraGg3AzxKxAD7jq4HRTlkOy3Eyyb4ziyI9AG6cnFpCOHAWqRyBkXbtnUtXsY_mnWC5prbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=724062f4-4be5-42a6-9e31-7c1c2eddaa21&userId=a53fc37264d74665b3856b33232234c6&m=link HTTP/1.1
Host: itespurrom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=a53fc37264d74665b3856b33232234c6; oaidts=1697324376
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:37 GMT
content-type: application/json
x-trace-id: d1ef7a753863f8a38ce458c68cab30bb
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=a53fc37264d74665b3856b33232234c6; expires=Sun, 13 Oct 2024 22:59:37 GMT; path=/; secure; SameSite=None
oaidts=1697324377; expires=Sun, 13 Oct 2024 22:59:37 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 21 Oct 2023 22:59:37 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js

188.114.97.1

200 OK

2.8 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2972), with no line terminators
Size
2.8 kB (2817 bytes)
Hash
931b85cb75ffe4c6b196a0d45d0b92c0
9e55c38907d27589edd3f8638a36dcfd2a64d779
3ecde2005a956084887d85ad2aed0c01c0afcdba4abaa03f378e8ecdc1dbd359

HTTP Headers

GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:34 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 10108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2r%2BWcM6NPyL5h4JTDdMH4A6CSjnEKn%2F4oPTvvS0IfIC9ue%2BLJKh2Viv4YThZaHCQpoQ7dfODya%2BbYTXw37mU70UA7QmVkh2GErPq0duuFPC0Ht8JwNE8zDk0EEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636efd2abdb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428

188.114.97.1

200 OK

79 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT

File type

Size
79 kB (79073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Cookie: _ga_V5K7GYT3S4=GS1.1.1697324376.1.0.1697324376.0.0.0; _ga=GA1.1.1560127986.1697324376; _ga_HS5Y0K7QPG=GS1.1.1697324376.1.0.1697324376.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wciwViKajrKC8TOLHv2cnP1npdxKJQuvvvUYvu0EPVRXhWF0Se0K52KY3DSYF08D0aClubPBcJ1YglyYFWFjMkf4rsVaTmPU28TR6o8ArhvD%2FMyrhuvkfVVDIxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81636f099b1cb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.10147797850100404

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.10147797850100404
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.10147797850100404 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 22:59:36 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (64)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML