GET nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
200 OK 16 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Hash 134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791
GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 30729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwHHuEIocUtkZ22MgWpjNtux7CZ8yOnrVEWa0b3NcbLg%2FfSHUAPYK3P0ZLUfm6iOR6%2Bk8iG1pF%2Fc%2BrPYsvxKqcj5oAgF0TLRCuA%2FRD%2F3GvFF%2FCrPA%2BsBA3V5t14%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b70153e65568f-OSL
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
200 OK 95 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:12 GMT
cf-cache-status: HIT
age: 30729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEqpmoXC4pqTdNvHHGrklikmWqLq%2BvREs9Wcqbk2cT2OWcodeApox47%2Bu%2BcRLOc0tipvQ2GhCbv62moAQbPsuJO%2BnTlSGo0A2XkUqwwS70hxfVVryGD2gGvAhaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b70154e78568f-OSL
alt-svc: h3=":443"; ma=86400
GET i0.wp.com/images.vfl.ru/ii/1634656183/cd2bc191/36326378.jpg?ssl=1
200 OK 29 kB URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1634656183/cd2bc191/36326378.jpg?ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3826e8c687a3f41c6c0bddc126d0ef31
7b744934c9465af5c9f7d623364f8f4dbe72d7b6
f0a80483353213f896b96b10ec55b22108f6843b5f7f923a116b5a6cefc26d1c
GET /images.vfl.ru/ii/1634656183/cd2bc191/36326378.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 29242
last-modified: Tue, 10 Oct 2023 17:46:54 GMT
expires: Fri, 10 Oct 2025 05:46:54 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1634656183/cd2bc191/36326378.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "1379fa58d886db15"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
472 B IP
Hash 36d6fa6dfc6e98e6247ccd33f3a3dc62
ebdc426f8d0a55b5e929dec6ec65255b5b4e6763
3d5cb9b7bcc96e258038879a5a5045a51a3332e68a70cebccc02ef9446e12097
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Oct 2023 22:18:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET i1.wp.com/images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?resize=549%2C700&ssl=1
200 OK 17 kB URL GET HTTP/2 i1.wp.com/images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?resize=549%2C700&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a0a8a8d1f8b071eb051d9d07adb33c06
2fd91131543fba852a0c59a4990863720451c7b1
718cae00e078f935395762659c9d07b26f52f1d62b177a9368dae22d665473bc
GET /images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?resize=549%2C700&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 16910
last-modified: Sat, 30 Sep 2023 15:54:21 GMT
expires: Tue, 30 Sep 2025 03:54:21 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7223145e305a4b05"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/images.vfl.ru/ii/1635150258/5146e563/36405452.jpg?ssl=1
200 OK 29 kB URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1635150258/5146e563/36405452.jpg?ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7e6bce8262098b06dea7a64e8a821019
7bbb531ad1b75833f91740d93227539956486be7
e9705b2a20b1c6c8c8f467efa232cf826eb0169f168cb08883b8417307f48156
GET /images.vfl.ru/ii/1635150258/5146e563/36405452.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 28616
last-modified: Tue, 10 Oct 2023 17:46:54 GMT
expires: Fri, 10 Oct 2025 05:46:54 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1635150258/5146e563/36405452.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a66107d36f3c3489"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/game-2u.com/wp-content/uploads/2023/03/Lens-Island-Build-10465382-PC.jpg?ssl=1
200 OK 24 kB URL GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/03/Lens-Island-Build-10465382-PC.jpg?ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ae7d68417cfc1ee8a3ce3e80927acd64
3f842be97baef5c91a8370696b0b9a84b96f08e5
7a2f23ebe7dc611a7200440a750df3331308f7dc1d6bd8f3f0ef61b2382faa73
GET /game-2u.com/wp-content/uploads/2023/03/Lens-Island-Build-10465382-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 24534
last-modified: Wed, 04 Oct 2023 11:29:58 GMT
expires: Fri, 03 Oct 2025 23:29:58 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/03/Lens-Island-Build-10465382-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5d5dcf760eb48e78"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Spirit-Of-The-Island-Complete-Edition-TENOKE-PC.png?ssl=1
200 OK 103 kB URL GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Spirit-Of-The-Island-Complete-Edition-TENOKE-PC.png?ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Size 103 kB (102752 bytes)
Hash 9b6e0cd359c0b9db78edaee8b1c9c820
c2995053f9c9ff0463935956aa1bc489a1a12998
2e63e93b8adf491ba90eae156f7c9115581719ae88a1f549859ac01d912895a0
GET /game-2u.com/wp-content/uploads/2023/10/Spirit-Of-The-Island-Complete-Edition-TENOKE-PC.png?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 102752
last-modified: Wed, 04 Oct 2023 13:21:31 GMT
expires: Sat, 04 Oct 2025 01:21:31 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Spirit-Of-The-Island-Complete-Edition-TENOKE-PC.png>; rel="canonical"
x-content-type-options: nosniff
etag: "8bbef9f9bf3542ad"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
200 OK 2.8 kB URL GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b
GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Thief-Simulator-2-RUNE-PC.jpg?ssl=1
200 OK 11 kB URL GET HTTP/2 i0.wp.com/game-2u.com/wp-content/uploads/2023/10/Thief-Simulator-2-RUNE-PC.jpg?ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 530d9d4789916e53eaf9da2cc54f2edb
b7b8a6a3699f725c77c1ec262a3e516ed316653c
c6d390bae5541a7d85ceb154d194555b604c7a13d7d8c93f1d3d9c839c91db00
GET /game-2u.com/wp-content/uploads/2023/10/Thief-Simulator-2-RUNE-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: image/webp
content-length: 10654
last-modified: Wed, 04 Oct 2023 13:21:31 GMT
expires: Sat, 04 Oct 2025 01:21:31 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/10/Thief-Simulator-2-RUNE-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "03ada48920cf6e42"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
HEAD nsw2u.com/page/561
200 OK 74 kB IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11564)
Hash bc0097bacc917db376f619e4718c0a86
85f097411acde03d6ccc6a7b337e55853e638968
f994322a3e5003642a159a947225cc6faba0686c518f1566f991c3786c1313fd
GET /page/561 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/html
last-modified: Tue, 10 Oct 2023 21:30:03 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgpad9LAmhQ6CAxJ%2FhbXnEuH04Kxl4UY6OV0b%2Fz4O2VnD6wagSw9NxdHfLuPtfC3587gXlw6sTOhi9X27YGsER7L8ANLIrSI1jHcBKEy1h%2F5J5cf16f5o5OEiys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70115c2a56ab-OSL
content-encoding: br
X-Firefox-Spdy: h2
472 B IP
Hash c6586490ae5e9261b5c987e8e1dafb4d
6d58c98401fc33ed35507a807b424a38b66e3989
0955de17ff7d32a2ff91d0ebd1fceb8784f371ff5db206bc80b87ea50ffe3f21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Oct 2023 22:18:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31
200 OK 23 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with no line terminators
Hash e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63
GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 30730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FW1HKZ0nR5RfHIV%2FXf0f%2BFdmy%2BHoAtBDo21Or546r3RRHievh9C63UPrwmlcr3oNd5y8BfgNPiyze5urqUwrQSTPM%2FE3f%2BFxpu2vgOpoxycx0cdmvgN%2FAw3o0FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b701898e5568f-OSL
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31
200 OK 22 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with no line terminators
Hash 41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40
GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 30730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MyAkg1VtHb7RjRJbhfPtpO%2B4CB1sxJ3s7a56jqhD1xLvATyAUEv63%2BM%2Bo1LFcPYyA1hcjHE5NJoH69UtT4wxLaMOkdsRkdbcXVlWhlo3NjKtTnKXYH0Cf19XhqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b701898e7568f-OSL
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31
200 OK 21 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with no line terminators
Hash 169a5dd1261e0d434162d1af68acbbcd
c18d59ed069049b012a61a8e6b958bfb25bc1b71
82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38
GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:14 GMT
cf-cache-status: HIT
age: 30730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wodA5NvDtn6JSpQuUo3FyOm7QX69oEY968Rzj%2FkerJ6HjFkXw6XCymzK9wxhNgDpsNR2Llo8%2BsvNU0qaMQke8yWXUbGvulPe%2BnZPdhnihvWsFLePPi3YBNmqNXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b701898e9568f-OSL
alt-svc: h3=":443"; ma=86400
GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1
200 OK 3.2 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (7862)
Hash 45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b
GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-c4e"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3923536
expires: Fri, 04 Oct 2024 22:18:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MHwAqip%2FwffHDGO4stn0jboPqcetrDy0oDZbiSMNXKvC2KwcJLx0qPCNXHd%2BflkAuPCFQTv6kOC66FT7uYghc18ukQF8T41KaFH%2BqBb1hGQxdY0QU%2Bqu3x8CHQcXavAbByTuHIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 816b70192f6f56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1
200 OK 1.1 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (3036)
Hash 94279a9a0c4060a96efcf1da47716f86
ea88b3fd8b01a8b86edfd0f4120cc9a834893018
d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a
GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11929921
expires: Fri, 04 Oct 2024 22:18:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LwnvIymGLaBY8DgTO5zBFmo6y1AJ%2Fb2Pf%2BmbPZNge1mNsRDmaud5KzsvSQIiGz3RRGNwnwuJOHzfIa8pC1kFsINJkBlvp%2B0Qwt0FXKctZvr%2FmvF4qQGfvqP5tGEjnDYC%2BtTUBb8v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 816b70195f9956b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1
200 OK 677 B URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (1845)
Hash f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421
GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 195239
expires: Fri, 04 Oct 2024 22:18:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dWRKmprsLH1GDSxFk6%2FXgv5aoBaGwhcEJF%2F6bSqnPUCOyOd0P1MGoYDUS4pKMU7B34CohpgYKkOF1cscssUB7%2FP5CqHHT4C5S%2BiLo5FKHAUZAtqWzS6j%2Bi5gcQKeHNivQmoGmvZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 816b70197fbd56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
200 OK 80 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (8171), with no line terminators
Hash dda652db133fddb9b80a05c6d1b5c540
60c8514c57a5db2980c4b046b0dd479bd427357b
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
GET /c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js
200 OK 5.2 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (13479)
Hash 9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
GET /c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
200 OK 7.7 kB URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
200 OK 69 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (4186), with no line terminators
Hash ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
GET /c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
200 OK 2.6 kB URL GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788
GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
200 OK 723 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (701), with no line terminators
Hash 328b8123661abdd5f4a0c695e7aa9dcc
4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jg5V%2B%2B9L67xJVPV%2FY1Tz8IuERsY63y2GG3Nk7hQk%2Fhhfs%2B%2Bq5ST5O8%2B1geoPKL3edCOq3b6%2FBRXOZFGls8USFhehYjkGrILU%2FKRVGMlLwFd3KdU5tefogRA2tmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70191955568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
471 B IP
Hash b383875d47cf3281cf9553fbc71410ac
6275628318e097e7cd3a45aefbf544e3a9bac6eb
b599aba77b5fbc4ad65fcce338306120730c4a4b5e6d358642f0045fc82a51f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Oct 2023 22:18:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET www.google-analytics.com/analytics.js
200 OK 21 kB URL GET HTTP/2 www.google-analytics.com/analytics.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (2343)
Hash 575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Sun, 15 Oct 2023 21:01:55 GMT
expires: Sun, 15 Oct 2023 23:01:55 GMT
cache-control: public, max-age=7200
age: 4591
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
200 OK 80 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (5788)
Hash caa8b5d32190896f013f37d596a3df8f
5aa9fa4a6fe58b7e67e97c8817b210d206a784c8
12db65bebfadc0e7e7b462f1bfe9c7a768ad2b79bdeaeee63370be20f3700df3
GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Oct 2023 22:18:27 GMT
expires: Sun, 15 Oct 2023 22:18:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80429
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
200 OK 76 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (4179)
Hash dffe27e478df6e9186acaf2918eb8f85
5585055b8e3fc42871dd5f09c3942e52d83b4c72
8230085731457e14557ca7022df074c106aca661ebecb355621c18b1c3d346e5
GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Oct 2023 22:18:27 GMT
expires: Sun, 15 Oct 2023 22:18:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76392
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0
200 OK 2.8 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash e65cb4d4cd399c1b09798edfcea1b41e
49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2
d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b
GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A27BRlqe%2B79aBONeWw9CYbvCc%2BxaYxyYkcnl%2BZx23UA0BknWRoH2rE549oCAEpAJOGVDJ0USvhJ%2FkFxcUq8ro2HGy1fE%2BsCsjtqMLh8V%2FZxmiWdiq3Wbkwlt%2BPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7018f93c568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js
200 OK 12 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (4592)
Hash 7bd48eb3bd568033e96caf0fb62e6690
b38066999294b99d92d95db5f38bc15707eb1f22
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596
GET /c/6.3.1/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
200 OK 3.0 kB URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (6042)
Hash 38fca9e0ca205130e3dddbdcda3b4a85
2c0ac19235a88fb361aff39bc0922e4b946c2c5e
43c8d614ba6e97fd9ee9dcf0ae49334ed5d601403ffe8551a74e1a9faf70efaa
GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j39ywRzzaT%2BpUVCVNK37qNAGZgz9ksbQv0aDfCIYwj9xX8dR%2FaV3zjiJAVBNomfNhUCdyIxt9%2FCT%2Fc4ggaAKhA3BiszFt6m6dPSHA5IItsQpCoYEhapBhB4bGuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7019296c568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5a4a969c1238767791efa1f75517fa9a
1c8fc78ad5ec4aa24c3cdff2a66034e4d5026003
b994e7662faf599a52803b24fff0e89dfabc86c5605d6ca9cbe743330f29b096
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff:3:1; expires=Wed, 12 Oct 2033 22:18:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
HEAD nsw2u.com/page/561
200 OK 0 B IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /page/561 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Cookie: _ga_V5K7GYT3S4=GS1.1.1697408307.1.0.1697408307.0.0.0; _ga=GA1.1.1020275193.1697408308; _ga_HS5Y0K7QPG=GS1.1.1697408307.1.0.1697408307.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: text/html
last-modified: Tue, 10 Oct 2023 21:30:03 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPiLAs7zbe0t94H91T8ccrTALm2%2FkxEVes0zV6rjxXtoG3GBVDECbsGLx5v4Qcmz6YCzh53ZN2%2FUbK5azagzSk9pVViKknmNyzmpyVwas742VXsTdHcLgdqGJOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70257eb4568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.5128634598431111
200 OK 50 B URL GET HTTP/2 pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.5128634598431111
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.5128634598431111 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
200 OK 7.7 kB URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET i1.wp.com/images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?w=1280&resize=1280&ssl=1
200 OK 17 kB URL GET HTTP/2 i1.wp.com/images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?w=1280&resize=1280&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a0a8a8d1f8b071eb051d9d07adb33c06
2fd91131543fba852a0c59a4990863720451c7b1
718cae00e078f935395762659c9d07b26f52f1d62b177a9368dae22d665473bc
GET /images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: image/webp
content-length: 16910
last-modified: Tue, 10 Oct 2023 17:56:32 GMT
expires: Fri, 10 Oct 2025 05:56:32 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1638611382/ee1f0170/36954548.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "46bc0485203d6548"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css
200 OK 5.6 kB URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (6817)
Hash 1fee9d9ba9d8cc17b88610f753052dd1
b8608a7bcb05bcca68814671bb114871f2c97f0e
f50cc3d3d3714cc7aae738eb19b41f70b1eec94c290f8985af4dcd36dcfad0dd
GET /wp-content/cache/wpfc-minified/ehn7s3j8/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tw2E%2BR4F8z9aPqhCgY%2F8YrTJXHj%2BazcKa7Mf9jLUWWQSjNJJwpwUVDef%2BMSj0NzHr5XfKqXldtf7TfrckvjNo6mVJODkPUeQ%2B0N%2FgeYAZT2%2B1YT%2FyMteLFEGosU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70151e51568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET joathath.com/tag.min.js
200 OK 25 kB IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectjoathath.com
Fingerprint50:21:4D:D6:AE:63:1F:5B:D5:76:5A:59:87:C9:DC:D3:F7:D7:CC:F1
ValidityTue, 19 Sep 2023 05:21:46 GMT - Mon, 18 Dec 2023 05:21:45 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash a95c344616a01fcb847758f5eab31207
274f322059eb248f3518f7c78b2fc69faae0551c
72e9c7cfe696a88de9acd9d80da1b2c4c3441c2ff2c0cf5c57a07aa153d91f13
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tag.min.js HTTP/1.1
Host: joathath.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: text/javascript; charset=utf-8
content-length: 25432
content-encoding: br
x-trace-id: 86d05edcda1599ca95e13961a5863e8d
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 13 Oct 2023 23:15:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2
200 OK 43 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type Unicode text, UTF-8 text, with very long lines (65506), with no line terminators
Hash 51480f0afb0a30743ae59a3455633c75
2b46f094cb87015fa342da2bf1767413ec5c92b5
108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d
GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJpqt4lGc1lQizKj2Lz5zQw%2FqL6hNI9e7XAudRtEnkZdb0izW3eHOG34V4aOvcQxEIQaCGGsI7D9mYg05Umb4Ejpez83QvB2Uk8x3Oe1jMUfO51yPvS4FVEAKzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7018a8ef568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
200 OK 24 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type Unicode text, UTF-8 text, with very long lines (65453)
Hash 3c7e73dd02f57abb6fec8fadea6e35b0
dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8
d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Cookie: _ga_V5K7GYT3S4=GS1.1.1697408307.1.0.1697408307.0.0.0; _ga=GA1.1.1020275193.1697408308; _ga_HS5Y0K7QPG=GS1.1.1697408307.1.0.1697408307.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nopXpT2XtyKlQ%2FX2n4mfSins8boUcqMzucHgzQ3lyPZdByUX5XDoX5JochFxougeKkaILtr6%2BEySPDPDzsTx6a24GCXPXGLsVWfAUzdxsNNl92ilMiTAl6FA5sI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7026af8d568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET my.rtmark.net/gid.js?userId=b669b2fe56344b899492cca32a6ae7fc
200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=b669b2fe56344b899492cca32a6ae7fc
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT
File type JSON data\012- , ASCII text
Hash a9e446edd61e5c9a75018eb7435440c5
57f745884de60b52781a1115370ffa5b8a2d1b07
18fa269dceb7e128d24871e9744eac2b30aa13668f973ded5a24c2aac5db48cf
GET /gid.js?userId=b669b2fe56344b899492cca32a6ae7fc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b669b2fe56344b899492cca32a6ae7fc; expires=Mon, 14 Oct 2024 22:18:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET images.vfl.ru/ii/1696606849/450212ed/39028293.jpg
200 OK 86 kB URL GET HTTP/1.1 images.vfl.ru/ii/1696606849/450212ed/39028293.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Hash f31e59ed8b4014e8c240b752b138ca58
92fe10034473f9c1939631c2c50642bfa521bf0f
2e559285efef0bb13f7cb134710ea244f456a76074859562fff2cd86952aed87
GET /ii/1696606849/450212ed/39028293.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 85525
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Fri, 06 Oct 2023 15:40:49 GMT
ETag: "65202a81-14e15"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg
200 OK 62 kB URL GET HTTP/1.1 images.vfl.ru/ii/1692466506/8e093ade/38995519.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Hash f5ca0775d6b4c6d61ccb84d080eab5b3
71044f9bb69af45e4f171cf7e7c0ff3c9bcdfb1f
a968f61a9dcb9774217eee6c6298381b912ef95f00d273c551485c5d73930696
GET /ii/1692466506/8e093ade/38995519.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 61571
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 19 Aug 2023 17:35:06 GMT
ETag: "64e0fd4a-f083"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1696413057/d6012654/39024631.jpg
200 OK 71 kB URL GET HTTP/1.1 images.vfl.ru/ii/1696413057/d6012654/39024631.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Hash 33f03174acbe027a947bea29f4bd9a9c
d9ac82e4b1aa6e9d23ab6cf376cdb2e77ea8bbe9
7c83cabdcce42904e30b4444eb9995271eebdaab4399caf7d81d14b6d434b88e
GET /ii/1696413057/d6012654/39024631.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 71099
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 04 Oct 2023 09:50:57 GMT
ETag: "651d3581-115bb"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428
200 OK 90 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type Unicode text, UTF-8 text, with very long lines (20675)
Hash 492b6d5195d2fbd9e612a20a9bd1a009
abd6a079460dc394397df83a9ea641ee03884c58
937ba827d294056f81fcab0e37e5769ca968072be205dcd7125fb61e5a7cdac9
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Cookie: _ga_V5K7GYT3S4=GS1.1.1697408307.1.0.1697408307.0.0.0; _ga=GA1.1.1020275193.1697408308; _ga_HS5Y0K7QPG=GS1.1.1697408307.1.0.1697408307.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cLaRpxgwj2%2FdtZrpNof4gY2skBkgcJrX8RHY38KYPCtlXt5NfS7UW%2BtaFTgi0WF%2BawCe6c%2BuJXNhN6r5dgWupBBFQkMoeEU2qf7KzEUQpMvmvg2MWB%2FboK9s0VA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7026cfa5568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg
200 OK 46 kB URL GET HTTP/1.1 images.vfl.ru/ii/1696499345/2d834ce4/39025715.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 432x700, components 3\012- data
Hash d54f3e961e843224381b52420787300b
b24ff4dd6ff0b3c210ac80ccec30d1612bfb2c70
230c8719f7ff0cd67d89b8c5052dcc864b6c7ebbb62bf2ec21228af727652049
GET /ii/1696499345/2d834ce4/39025715.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 45689
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 05 Oct 2023 09:49:05 GMT
ETag: "651e8691-b279"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg
200 OK 58 kB URL GET HTTP/1.1 images.vfl.ru/ii/1695333094/924a0c46/39014176.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Hash 134f8969617eff6944cd04c9f38ab74a
866457b782255714fc929ae820c34e8303b028cc
71077ceec671fb2757240c7163ca59fa238b59a8672fc970159082239ff16ca6
GET /ii/1695333094/924a0c46/39014176.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 58469
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 21 Sep 2023 21:51:34 GMT
ETag: "650cbae6-e465"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET hypocrisypreliminary.com/watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1&shu=f8a713ffc4067123145a8a32e859d8b842ea781333a88d2f58cd2b394fa9ca18703c9d68271f2bd4495fe22a137b50f04ff12532c74fb625f9d3789630881ae6707b496953c4dae62bf0a9a0f64f998c3bc39627d0a8fac3c0cd02d0947d18&pst=1697408368&rmtc=t
200 OK 2.1 kB URL GET HTTP/1.1 hypocrisypreliminary.com/watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1&shu=f8a713ffc4067123145a8a32e859d8b842ea781333a88d2f58cd2b394fa9ca18703c9d68271f2bd4495fe22a137b50f04ff12532c74fb625f9d3789630881ae6707b496953c4dae62bf0a9a0f64f998c3bc39627d0a8fac3c0cd02d0947d18&pst=1697408368&rmtc=t
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjecthypocrisypreliminary.com
Fingerprint09:A0:32:D7:DA:33:C3:90:9D:2D:A1:F1:34:7B:7A:FA:D1:4C:DF:5C
ValidityTue, 10 Oct 2023 08:45:55 GMT - Mon, 08 Jan 2024 08:45:54 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2630)
Hash 20ae9a652be2b0d11ff84f475f758c8a
9d14fcf4e35ca45700e9ca36bfdf494f33880e6d
089bcb53059cb2fade21f1e283aadcc22c42f11bb46d9ed65ba52e91b3b87fdb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1&shu=f8a713ffc4067123145a8a32e859d8b842ea781333a88d2f58cd2b394fa9ca18703c9d68271f2bd4495fe22a137b50f04ff12532c74fb625f9d3789630881ae6707b496953c4dae62bf0a9a0f64f998c3bc39627d0a8fac3c0cd02d0947d18&pst=1697408368&rmtc=t HTTP/1.1
Host: hypocrisypreliminary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vcGFnZS81NjEifX0.ScE7fEinZuS_8XFzCaT2lqal1nTdKUTUBCIOUZ18x0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff:3:1; expires=Sun, 22 Oct 2023 22:18:28 GMT; secure; SameSite=None
iprc154f1e20bd56f79d7877e3dbf811a3d2=3570421; expires=Mon, 16 Oct 2023 02:18:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 16 Oct 2023 22:18:28 GMT; secure; SameSite=None
uncs=1; expires=Mon, 16 Oct 2023 22:18:28 GMT; secure; SameSite=None
pdhtkv32=true; expires=Mon, 16 Oct 2023 22:18:28 GMT; secure; SameSite=None
uncs32=1; expires=Mon, 16 Oct 2023 22:18:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bff966b11855ee5c4a5e83737ce0034d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET images.vfl.ru/ii/1612605383/854d114a/33235794.jpg
200 OK 61 kB URL GET HTTP/1.1 images.vfl.ru/ii/1612605383/854d114a/33235794.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash 0039f65e691c878028c26d3441da8f11
bfb85aa878d30bd16218df29537d2b816cc5b9d9
147bc6a64142022d21af493884dc0b153a7d13067a343def8c2e3d56a6bce6c8
GET /ii/1612605383/854d114a/33235794.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 61444
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 06 Feb 2021 09:56:23 GMT
ETag: "601e67c7-f004"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1613668160/524ae41b/33386468.jpg
200 OK 53 kB URL GET HTTP/1.1 images.vfl.ru/ii/1613668160/524ae41b/33386468.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash ad7fbf8eaaed1685f1bf3d8726ee04b0
3cc72291403e74e62e9520908584016bff314ba9
016e2fbf14f9431b163b16abb76b071adf9fc2acd02e7cdaea336f782a76c55b
GET /ii/1613668160/524ae41b/33386468.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 53278
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 18 Feb 2021 17:09:20 GMT
ETag: "602e9f40-d01e"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1613668893/0f17f282/33386660.jpg
200 OK 50 kB URL GET HTTP/1.1 images.vfl.ru/ii/1613668893/0f17f282/33386660.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash cc331afcf1e8f83e31859fd8472ed4b9
573c8bb62fbe40f6e869c2a42fa812d7607a3f1e
41ea9b0d692245e2ecadae9781ed8d88c7059b8b82b172a6eafd5a465ece1d11
GET /ii/1613668893/0f17f282/33386660.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 50052
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 18 Feb 2021 17:21:33 GMT
ETag: "602ea21d-c384"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
200 OK 7.7 kB URL GET HTTP/2 i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621
GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:29 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET images.vfl.ru/ii/1612962173/59ddf73d/33284285.jpg
200 OK 54 kB URL GET HTTP/1.1 images.vfl.ru/ii/1612962173/59ddf73d/33284285.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash 6b9e3fbc631741d06bcdf6ca0b9b7638
f08222857b35b0fdca710138d24b1793f63f7294
ec7f0b340d623d9d9349e2d2b0f1a05e9e2480bd99f96277d525c38f64af2faf
GET /ii/1612962173/59ddf73d/33284285.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:29 GMT
Content-Type: image/jpeg
Content-Length: 53992
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 10 Feb 2021 13:02:53 GMT
ETag: "6023d97d-d2e8"
Expires: Tue, 14 Nov 2023 22:18:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1612655568/35f87d84/33241879.jpg
200 OK 42 kB URL GET HTTP/1.1 images.vfl.ru/ii/1612655568/35f87d84/33241879.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash 387f74dc078d9981f2a8cf1cb3b2a6e2
180042ba65c92abc5416a9c18c597185730413f6
8d7f21bc2cbc1ab630c5bd791b5b849eeda19a2904e1a804bd4bf53b3ec314cf
GET /ii/1612655568/35f87d84/33241879.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:29 GMT
Content-Type: image/jpeg
Content-Length: 41925
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 06 Feb 2021 23:52:48 GMT
ETag: "601f2bd0-a3c5"
Expires: Tue, 14 Nov 2023 22:18:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET images.vfl.ru/ii/1613670246/0cd149f9/33387100.jpg
200 OK 77 kB URL GET HTTP/1.1 images.vfl.ru/ii/1613670246/0cd149f9/33387100.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.15], baseline, precision 8, 412x667, components 3\012- data
Hash 47bbb8d57a2f4c72b6899d80ddfc9de2
9e8bf5097192607944d16e6f250083e6a8247c02
1b8f5b8b68ccc7febf7886736983cbe5ee75a4e606a4a2d42e65a21766d8308d
GET /ii/1613670246/0cd149f9/33387100.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:29 GMT
Content-Type: image/jpeg
Content-Length: 76607
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 18 Feb 2021 17:44:06 GMT
ETag: "602ea766-12b3f"
Expires: Tue, 14 Nov 2023 22:18:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET banquetunarmedgrater.com/advertisers.js
200 OK 0 B URL GET HTTP/2 banquetunarmedgrater.com/advertisers.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:29 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 59b44444ab5eb69480145cc186182d17
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 15 Oct 2023 22:18:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AunKwcGK69AMNKY3CSik07keUHMnmgW6CvRZ0rpKmmqULxcZhn2hG1%2B0lL8rfdLH5w3kpoftYjnS8SU7X8AnZsMZux2fkL7suy2Ff%2BdflKgyRub9J%2Fu%2FWCxMiezIf9vpQxXtXOYwjppmOFQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b702cdda25687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET facilitypestilent.com/pixel/purst?dl=0&th=0&sc=0&rs=3897&rd=3897&fd=703&bv=23.10.v.1&tmpl=70
200 OK 0 B URL GET HTTP/1.1 facilitypestilent.com/pixel/purst?dl=0&th=0&sc=0&rs=3897&rd=3897&fd=703&bv=23.10.v.1&tmpl=70
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectfacilitypestilent.com
Fingerprint42:46:45:8C:52:C9:7F:D5:30:8D:B2:FD:C3:91:45:A7:62:B7:DE:B4
ValiditySat, 23 Sep 2023 00:45:55 GMT - Fri, 22 Dec 2023 00:45:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3897&rd=3897&fd=703&bv=23.10.v.1&tmpl=70 HTTP/1.1
Host: facilitypestilent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 15 Oct 2023 22:18:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
200 OK 25 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT
File type JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Hash d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:29 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Tue, 17 Oct 2023 22:18:29 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
200 OK 12 kB URL GET HTTP/3 nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (12331)
Hash 88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: application/javascript
last-modified: Mon, 09 Oct 2023 07:53:33 GMT
etag: W/"6523b17d-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D8BHmBOOQY%2FTj2XyoVGVbfFq4qZQFO9l1%2FxHmJsERUaZEZOMOWJukIxgPhJPKq72jpzOByojByw2j%2B%2Bu8rQBrlGCnAKGNAD4dUgUOI5Nz%2Beqf3GF%2FL%2FYdRp0guQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b70155e8a568f-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 17 Oct 2023 22:18:25 GMT
cache-control: max-age=172800, public
content-encoding: gzip
GET c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js
200 OK 88 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash ff04dd1ef5c67998d8652330c0441689
5e6ff5bd5240181a8bdea983837f39ac231dac4d
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
GET /c/6.3.1/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 May 2023 11:33:35 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
200 OK 11 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
GET /c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
200 OK 77 kB URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 30486
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVaiEWfK%2BwOelWkjH1OwT1WqCj8Z3BMERCd3vFFhcFeI1nhO00w0JOgXjbc6V6L6LhvXqxkpLq6Vl6omWDr0y8khE%2BYK2fBXHA5L6Q9hRnMrrcfmetKQ1ywwahQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b7019f9fc568f-OSL
alt-svc: h3=":443"; ma=86400
GET hypocrisypreliminary.com/watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1
307 Temporary Redirect 3.5 kB URL GET HTTP/1.1 hypocrisypreliminary.com/watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjecthypocrisypreliminary.com
Fingerprint09:A0:32:D7:DA:33:C3:90:9D:2D:A1:F1:34:7B:7A:FA:D1:4C:DF:5C
ValidityTue, 10 Oct 2023 08:45:55 GMT - Mon, 08 Jan 2024 08:45:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1 HTTP/1.1
Host: hypocrisypreliminary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://hypocrisypreliminary.com/watch.802474924375.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22nsw2u%22%2C%22com%22%2C%22page%22%2C%22561%22%2C%22of%22%2C%22900%22%2C%22download%22%2C%22switch%22%2C%22roms%22%2C%22eshop%22%2C%22nsp%22%2C%22xci%22%2C%22nsz%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&tz=0&dev=e&res=14.2079&uuid=9fb7bd1c-3298-4356-a2c7-cf090afdd8ff%3A3%3A1&shu=f8a713ffc4067123145a8a32e859d8b842ea781333a88d2f58cd2b394fa9ca18703c9d68271f2bd4495fe22a137b50f04ff12532c74fb625f9d3789630881ae6707b496953c4dae62bf0a9a0f64f998c3bc39627d0a8fac3c0cd02d0947d18&pst=1697408368&rmtc=t
Set-Cookie: u_pl=19067264; expires=Mon, 16 Oct 2023 22:18:28 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjgiOiJlZDZjYTVlYjhhYmM5YTg2NGZmYTM5MTE1Nzk5YjY0MSIsIjI5IjoiM2EyMjZhNjY0MGE2NDQ2ZGJjN2NkYzk2ZWNjNmIzZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vcGFnZS81NjEifX0.ScE7fEinZuS_8XFzCaT2lqal1nTdKUTUBCIOUZ18x0c; expires=Sun, 15 Oct 2023 22:19:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c574fd9cff238ed8e80c592537375adb
Strict-Transport-Security: max-age=0; includeSubdomains
GET nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
200 OK 14 kB URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash 0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2
GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATqiJ33NeBWtnj%2FNxdp7DjqfOMu6wVE9TcnLfT9tSQcMUyYHogVQQ%2FE11sfOMO3Go6kRqOB2P5d4JvWoEKYw8En4sMPKNfIH3M86ZRRXZIunHgMVo5OiAiO8k7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70190948568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
200 OK 2.8 kB URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2972), with no line terminators
Hash 931b85cb75ffe4c6b196a0d45d0b92c0
9e55c38907d27589edd3f8638a36dcfd2a64d779
3ecde2005a956084887d85ad2aed0c01c0afcdba4abaa03f378e8ecdc1dbd359
GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3G4HnNOL45QCO98VRZRCmC%2FB4pouUulEXYSqWjihTDqHPo7unyj52M5SqTebwwmaQPQsq%2F89AtHJZT756QtzPOlt5MJk7V3%2FULwB%2BdZEUH4a1jp8n7ExYedH6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7019296b568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307
200 OK 7.6 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (7804), with no line terminators
Hash 9c77b566bd54b44feb40dae5abb672fd
4800962e6abb9f034197101fd654cd8f89e40e51
4fa5b8f79358bd73eafe22ac4a73531acbbed4b61f646d001d8636f27c4b2b07
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCHHvyJYRC%2B2ioRcugZzlcYAJOmXjDK%2Ftb01amH9wCHFekikeitOG8jfHEostEgz%2FNeQ7fuo4O%2FaYe2iHB0s7yXc8Z3kVKPCeEHigPQ%2FTJjQ614TeqOWaIDuAJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70191954568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET friendshipmale.com/sfp.js
200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2d0186bc214ed835cf0112ba6446556c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 15 Oct 2023 22:18:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ke1zChsyNopfxB0BA3zKq5BQbRM3sLOlJqz0smqgeTBcjF4HvZiMDVTkUnIwxwzJ5X077k5SaN9Y9uQM2C5eQjgkQJuoNpgD%2FOXsr4SIl9A%2FSkhYEAErvB8unBck0ahu3YChUPw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b702a6da963c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2
200 OK 4.6 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (4857), with no line terminators
Hash 3c05b4818fda400788cc5c2f60d87ea4
01e544e8461be8bb14a13fb8be13cc1e8259858e
db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08
GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Il8GFk9NS%2FzBI6jpGKgZebpI6f9mnuByjtRO6npNbDYKxELUbdLswaO9rDH7lTHnqJ8dX7fzXB3GlREbSkP3%2BSqmyeGlfjXJYpo9lm6yWwUtl8AwP8NHQq8wAWQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7018f93d568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
200 OK 8.1 kB URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (8145), with no line terminators
Hash 734068ce5268bc23a7506f3e9e9f5d41
acf53910826dc6702a5fb8f2bf6aab44b17f4886
2dd5b45b7df3d954548b70324f5730bf593bcdab6dac3632cc19ac119e8912a8
GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jN6podAG6hNsZ6s4Xqx79jMTSGmuTGblyheiT%2BNEEW9x4Dx6U71JmGJmjaKz7o7nzBWEWnPDuQmkffC39Njb0xKduMtu8Vg8QJqQVg9GNHNUMAx4zYK%2BrmqVoZU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70154e77568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET www.googletagmanager.com/gtag/js?id=UA-262573192-2
200 OK 189 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (4179)
Size 189 kB (188585 bytes)
Hash f557eefd23d47d20ff461386fb720951
a12295597e44b9db104cc56474dec7f3ace4aeb4
65bedd792f8fea770f0f919ea8904c517a29bd86b7465f3bc04e8fbac9287c34
GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Oct 2023 22:18:26 GMT
expires: Sun, 15 Oct 2023 22:18:26 GMT
cache-control: private, max-age=900
last-modified: Sun, 15 Oct 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68135
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js
200 OK 6.6 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (6777), with no line terminators
Hash 4b5583c1e3d9c4f85089eebae5b0ea63
8f1a4ba1dabf9fb35cfc2a2ebd08b93a91c0923b
4c4ee791f1baebfe9e127c3341a2eda8e6e8a5debf27d91fae8c04cd2adb1527
GET /c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET images.vfl.ru/ii/1695834573/4660033d/39017471.jpg
200 OK 70 kB URL GET HTTP/1.1 images.vfl.ru/ii/1695834573/4660033d/39017471.jpg
IP
ASN #24940 Hetzner Online GmbH
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subject*.vfl.ru
FingerprintD9:F0:63:03:03:30:7F:C2:7F:42:0C:BB:FC:94:2E:0B:8F:53:F3:04
ValidityThu, 05 Oct 2023 07:19:50 GMT - Wed, 03 Jan 2024 07:19:49 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 700x700, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 432x700, components 3\012- data
Hash e9e36581a8f6a42af1035931c689e924
b7d83e5d7c68d1c2e433d3510b97cb2403f8a356
17c758228b7074f2e08ed5fa5a8b3cb77f4fd54f4ce819c962a3819cdbc82435
GET /ii/1695834573/4660033d/39017471.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: image/jpeg
Content-Length: 69490
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 27 Sep 2023 17:09:33 GMT
ETag: "651461cd-10f72"
Expires: Tue, 14 Nov 2023 22:18:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET c0.wp.com/p/jetpack/12.6.2/css/jetpack.css
200 OK 100 kB URL GET HTTP/2 c0.wp.com/p/jetpack/12.6.2/css/jetpack.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
Size 100 kB (100132 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/jetpack/12.6.2/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 11 Sep 2023 22:30:19 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET hypocrisypreliminary.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
200 OK 43 kB URL GET HTTP/1.1 hypocrisypreliminary.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjecthypocrisypreliminary.com
Fingerprint09:A0:32:D7:DA:33:C3:90:9D:2D:A1:F1:34:7B:7A:FA:D1:4C:DF:5C
ValidityTue, 10 Oct 2023 08:45:55 GMT - Mon, 08 Jan 2024 08:45:54 GMT
File type ASCII text, with very long lines (43166), with no line terminators
Hash 352a8b5675ddda8bc32083255f1af38e
8c7c7e2a7bb6bcdb8167fd871e67b9a873a37e41
03efc65ce4f02cb5adf1656c0252d179bc8eaadb88a6090905eb776a6b1e7358
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: hypocrisypreliminary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 15 Oct 2023 22:18:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae9f2ac6ffb922748cb64094a85e115a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET joathath.com/5/3812660/?oo=1&aab=1
200 OK 2.8 kB URL GET HTTP/2 joathath.com/5/3812660/?oo=1&aab=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectjoathath.com
Fingerprint50:21:4D:D6:AE:63:1F:5B:D5:76:5A:59:87:C9:DC:D3:F7:D7:CC:F1
ValidityTue, 19 Sep 2023 05:21:46 GMT - Mon, 18 Dec 2023 05:21:45 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2990), with no line terminators
Hash a7dbaff98217b67fefdf633774989a49
e06d646e34d25468275b1cdd0ce0475880dff4e4
701cb4b53366cf5e04549381de29c97bffc0e180ff487f36e6a39b95bb81e737
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: joathath.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/json
x-trace-id: da1da7cc8b4aa5c2d8bf633112a7e5b5
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=b669b2fe56344b899492cca32a6ae7fc; expires=Mon, 14 Oct 2024 22:18:28 GMT; path=/; secure; SameSite=None
oaidts=1697408308; expires=Mon, 14 Oct 2024 22:18:28 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
200 OK 880 B URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (965), with no line terminators
Hash fa7fe6b99dd294598a44154cb2f424b7
78a909d97e5dfeffa1e1311e2c7ad8633d768960
9600c505b5d0d438a661c90d7b6ef5c6098024ff4e16e58a3577d5d0c837237f
GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwF2iB%2Btu%2FKRk%2Bm5jBHwLHaXi7ePxFO17C3VHG21kq7vB%2BCTRNkvi9SAYgRu6bWEQjL8XZy%2BB%2BGZGbNLpst%2FYvHifEaNXzOsHbW%2FukufZcEWf1La3w6bXVpfIt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70190949568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET stats.wp.com/w.js?ver=202341
200 OK 11 kB URL GET HTTP/2 stats.wp.com/w.js?ver=202341
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (10778), with no line terminators
Hash f6c87bc49e7646c7ccda489b9defc829
9003fc52b4c4014b4bd9fe2f4506440b299478b2
e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860
GET /w.js?ver=202341 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/10813-1684461103132.7104
content-encoding: br
expires: Mon, 07 Oct 2024 13:30:34 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js
200 OK 9.1 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (10357), with no line terminators
Hash 93d89333b0ea716b0dded414b6fd690e
bea26f3b7bf556a03bf81259459154e5728de2cb
acab68f8aa0636ce9058f6bf3d72d59dede88fb7111dd75532dcbd572ecb8722
GET /c/6.3.1/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
200 OK 30 kB URL GET HTTP/1.1 definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectdefinedbootnervous.com
FingerprintFE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC
ValidityTue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT
File type exported SGML document, ASCII text, with very long lines (29685), with no line terminators
Hash c2a12674e0ef733b0051fbae13e26ddf
bf0291bed7b83985af22da3ac1fa29d35bab1fe2
5f8297c94efb45c86bfa624e8e1bc56d4d4ed43c4ec7966d61b166c466d43dff
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Oct 2023 22:18:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91bc0448a62a1b7fbf6a018a20956b94
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
200 OK 148 kB URL GET HTTP/3 nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Size 148 kB (147784 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BlbfAncOvzg%2Ftksr0GDH1EN4Ux%2BGat%2BBbHtC%2F6fxrBmFihaJSd7WA24%2BsUiqxVHFvw25AF0VPXMP%2BsR2pnD1vIvAXqiMmpyXof5NRBYdrbUnu9br6eZCGRPzBzc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70152e54568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0
200 OK 399 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (423), with no line terminators
Hash ed94fa94e236140899a07d0bb24f233d
8e7f16eda1a41233d4d0f19264382b6222959b6c
2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df
GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jdmpkm01y35OvotchhOxna2%2Bpm6LctPZ%2FIplKZAfOao89O9jyTVP%2FIqzyKj0AWvZMbUtYeRR%2FZWjcjqDY5Ple2fa31nW%2FEofn7Wyk41muaxv3JJjhsToXqthJHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70153e67568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
200 OK 124 kB URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (32024)
Size 124 kB (123510 bytes)
Hash 7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb
GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arJeSQwJvAjdin7mUlWj%2FnUTIcwFy%2BMsEupNUeQHX9rDiUJ%2BZ7vuEuIcGgiCOv%2B1DaDADWFeIYSxNRzwm4AuYy0%2FRioDA%2F6ehNpTyYoNJIhUo0GzpTlWDjr07pg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70190947568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31
200 OK 110 B URL GET HTTP/3 nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with no line terminators
Hash 70cd599fb1a952f67216cc82829f9ada
74cfae7f053f69abf2dce9cb74c962a83b8ba8bf
1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d
GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.31 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncBVtvHi4w0%2FFJ07vWCh6Y4bXpyg5FeLQAkSunaB7Xc6nOnNgx3WUutKmM2T%2F2fbiKC%2BOTO2iHnK4uNsEqSgOpFHx1PSDLUWxKXb%2B4CPy%2BxgwOpMie3oJR%2FkcZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 816b701898eb568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
200 OK 374 B URL GET HTTP/2 i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d
GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
GET joathath.com/?rb=AccRxwk83n2tIu9NiXXUHoM2AQ8K5MC_Z4sLzZfN8RDeTH53pTqdUhjAd6mCoGNoQEmsCr-jMZ0VZJD4TGsbWL2SCcL9kqnTCkPlZqAGcqvEXjMDPxB7vWbcChqq62ePB-q86zyYrEBlVf8kCzjzuFpyITxtRyr9AUh3Mh63sVUvLYDm05vwuSls9KBYWjiiHNEGp6XrCG_fNDEfW29LAQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=cc46923b-0478-48d6-a633-31654e3e776e&userId=b669b2fe56344b899492cca32a6ae7fc&m=link
200 OK 2.1 kB URL GET HTTP/2 joathath.com/?rb=AccRxwk83n2tIu9NiXXUHoM2AQ8K5MC_Z4sLzZfN8RDeTH53pTqdUhjAd6mCoGNoQEmsCr-jMZ0VZJD4TGsbWL2SCcL9kqnTCkPlZqAGcqvEXjMDPxB7vWbcChqq62ePB-q86zyYrEBlVf8kCzjzuFpyITxtRyr9AUh3Mh63sVUvLYDm05vwuSls9KBYWjiiHNEGp6XrCG_fNDEfW29LAQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=cc46923b-0478-48d6-a633-31654e3e776e&userId=b669b2fe56344b899492cca32a6ae7fc&m=link
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectjoathath.com
Fingerprint50:21:4D:D6:AE:63:1F:5B:D5:76:5A:59:87:C9:DC:D3:F7:D7:CC:F1
ValidityTue, 19 Sep 2023 05:21:46 GMT - Mon, 18 Dec 2023 05:21:45 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2139), with no line terminators
Hash 93bc584936fa0745c2469fe51322bbd9
6c52fb50592395ab84db34c0face9bab5a926fe6
1b2276c15467ab962b8cc2a9c8a92ae3dd419356d277e949263605be0926854e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?rb=AccRxwk83n2tIu9NiXXUHoM2AQ8K5MC_Z4sLzZfN8RDeTH53pTqdUhjAd6mCoGNoQEmsCr-jMZ0VZJD4TGsbWL2SCcL9kqnTCkPlZqAGcqvEXjMDPxB7vWbcChqq62ePB-q86zyYrEBlVf8kCzjzuFpyITxtRyr9AUh3Mh63sVUvLYDm05vwuSls9KBYWjiiHNEGp6XrCG_fNDEfW29LAQ%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.606.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fpage%2F561&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.606.3-auto&bs=cc46923b-0478-48d6-a633-31654e3e776e&userId=b669b2fe56344b899492cca32a6ae7fc&m=link HTTP/1.1
Host: joathath.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=b669b2fe56344b899492cca32a6ae7fc; oaidts=1697408308
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: application/json
x-trace-id: 6325761ff5f12d2522d3de156a842a8c
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=b669b2fe56344b899492cca32a6ae7fc; expires=Mon, 14 Oct 2024 22:18:28 GMT; path=/; secure; SameSite=None
oaidts=1697408308; expires=Mon, 14 Oct 2024 22:18:28 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 22 Oct 2023 22:18:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
200 OK 2.3 kB URL GET HTTP/3 nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (2474), with no line terminators
Hash 2ea8be541e460acf6fcdc3c80a6d0ba8
49ae474a65aea7683fc0bc240d8188ab4439a8a3
51ef203dec6836fddecac912cb5b68f9e38378018a276975b4f927adc8de574d
GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q97wo%2B7WJU0qbMgyjrqSBiDwIPcDeXx2UVBfUxgzjjFzVHwV16gB3xlHUWXn%2Bpj3R4ARFMatPr%2FSowARSYu44SJ6a%2F%2Fu8WfLHIWuBmEVqXbgnF66%2FQhF5s6Gzb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b70191952568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js
200 OK 16 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705
200 OK 36 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Cookie: _ga_V5K7GYT3S4=GS1.1.1697408307.1.0.1697408307.0.0.0; _ga=GA1.1.1020275193.1697408308; _ga_HS5Y0K7QPG=GS1.1.1697408307.1.0.1697408307.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:28 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 12 Oct 2023 20:06:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUndgS5kToeSN0QxM9kQ%2Fhd%2BgcUbLRl8NoIaBCU6YkvIpRO%2B0c89FH8elGcXgr8yBoeqdAaHICL19UMQ1%2FEfUQFeFaRoBd8DXUJnXQQA6m3gOxEzB6B6g6tfOig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7026af90568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1
200 OK 8.3 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint73:C0:B4:AB:41:0A:6A:68:D4:AE:EE:E2:11:A4:38:23:EF:D2:86:B7
ValidityMon, 18 Sep 2023 08:25:07 GMT - Mon, 11 Dec 2023 08:25:06 GMT
File type ASCII text, with very long lines (8472), with no line terminators
Hash 3f5613f7160c3b6638dbbe32b93f8e97
62d3566bc0e2a74456c2bebb6d280be511402791
5d5d0961816e9953501ec925709e8c23de9e3add0dd57ccbc3f4402a0f53207c
GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 15 Oct 2023 22:18:25 GMT
date: Sun, 15 Oct 2023 22:18:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0
200 OK 3.9 kB URL GET HTTP/3 nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintF3:56:5A:DF:95:E2:A8:CF:9E:B7:3F:B3:5B:E6:CA:39:3C:E0:F4:8E
ValiditySun, 08 Oct 2023 01:00:13 GMT - Sat, 06 Jan 2024 01:00:12 GMT
File type ASCII text, with very long lines (4076), with no line terminators
Hash 2541a2baf045e01159ee696c0811648d
b2263916a7fde84879fc3bda16095767ddf000f4
0548af9bb27732d955c46677c38cbffd67f7bcbdcf2d95797d395eefe44a6464
GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.5.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/page/561
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 25 Sep 2023 10:34:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 30730
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BbLMgxyGjCFoh1H9MN9wmTWQ3Kf7XrfC9RBm0kIB1cbbbVCeFwo%2FeKQg%2F1UGL%2F%2Fpd18Q49JCZrxfBpUrZBpTUSUJpxVhNcDPxVqDx%2BwGYOynAjuG3Fj8hNjnXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 816b7018a8fa568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js
200 OK 9.4 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (9729), with no line terminators
Hash 3597d2da73a2e3de74981fcc5ecbfce4
94f7e899ca4635c129e8285579b3f0e38cf19730
080a50955b97dc50d39c296cc22e8d02f07a3cfcc58d3127d93466e281514637
GET /c/6.3.1/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:26 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET c0.wp.com/c/6.3.1/wp-includes/css/dist/block-library/style.min.css
200 OK 104 kB URL GET HTTP/2 c0.wp.com/c/6.3.1/wp-includes/css/dist/block-library/style.min.css
IP
Requested by https://nsw2u.com/page/561
Certificate IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
Size 104 kB (104484 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/6.3.1/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 15 Oct 2023 22:18:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
content-encoding: br
expires: Mon, 14 Oct 2024 22:18:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
188.114.96.1
104.17.24.14
64.233.165.101
139.45.197.242
78.46.73.220
0.0.0.0