Report - nsw2u.com/doom-switch-xci-nsp

Report Overview

Submitted URL
nsw2u.com/doom-switch-xci-nsp
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-05 18:48:45
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-06-05	1.4 kB	8.0 kB	104.17.25.14
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-05	483 B	9.0 kB	142.250.74.106
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07	2023-06-05	295 B	512 kB	62.115.252.122
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-05	857 B	252 kB	142.250.74.168
1.gravatar.com	7167	2004-07-15	2012-05-21	2023-06-05	507 B	1.5 kB	192.0.73.2
i0.wp.com	3021	1997-03-28	2013-09-17	2023-06-05	24 kB	687 kB	192.0.77.2
s0.wp.com	6184	1997-03-28	2017-01-30	2023-06-05	3.2 kB	129 kB	192.0.77.32
images.vfl.ru	275945	2001-02-13	2012-10-04	2023-05-29	440 B	20 kB	212.47.236.38
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2023-06-05	447 B	48 kB	142.250.74.34
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2023-06-05	1.3 kB	141 kB	104.18.7.185
mgnetu.com	93129	2019-07-12	2019-07-13	2023-05-31	810 B	2.4 kB	172.67.146.233
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-05	538 B	49 kB	142.250.74.35
ad.a-ads.com	26970	2012-07-07	2013-04-19	2023-06-05	1.5 kB	43 kB	136.243.3.135
0.gravatar.com	6977	2004-07-15	2012-05-21	2023-06-05	1.5 kB	33 kB	192.0.73.2
woovoree.net	unknown	2023-04-29	2023-04-29	2023-06-02	2.0 kB	87 kB	139.45.197.243
www.google-analytics.com	40	2005-07-18	2012-10-03	2023-06-05	422 B	21 kB	142.250.74.110
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2023-06-05	513 B	1.2 kB	35.244.181.201
jetpack.wordpress.com	139476	2000-03-03	2012-08-03	2023-06-05	923 B	24 kB	192.0.78.33
stats.wp.com	2711	1997-03-28	2017-01-30	2023-06-05	394 B	78 kB	192.0.76.3
definedbootnervous.com	unknown	2023-05-22	2023-05-22	2023-05-29	1.3 kB	1.5 kB	173.233.139.164
c0.wp.com	6988	1997-03-28	2018-09-24	2023-06-05	5.3 kB	282 kB	192.0.77.37
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-05	3.0 kB	6.3 kB	142.250.74.131
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-06-05	330 B	773 B	104.18.14.101
static.a-ads.com	34827	2012-07-07	2013-06-01	2023-06-05	942 B	441 kB	136.243.3.135
secure.gravatar.com	1671	2004-07-15	2012-05-22	2023-06-05	1.3 kB	36 kB	192.0.73.2
2.bp.blogspot.com	11071	2000-07-31	2012-05-21	2023-06-05	1.1 kB	257 kB	142.250.74.129
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-06-05	453 B	738 B	139.45.195.8
nsw2u.com	unknown	2020-12-05	2020-12-20	2023-05-29	19 kB	1.0 MB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-05	medium	definedbootnervous.com
2023-06-05	medium	definedbootnervous.com
2023-06-05	medium	definedbootnervous.com
2023-06-05	medium	woovoree.net
2023-06-05	medium	woovoree.net
2023-06-05	medium	woovoree.net

ThreatFox

No alerts detected

Files detected

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.122
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Detections

Analyzer	Verdict	Alert
VirusTotal	0/60	VirusTotal -

JavaScript (85)

	URL	Size	First Seen	Last Seen
	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js	14 kB	2023-03-08	2024-02-25
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:39:55 Last Seen2024-02-25 19:18:35 Times Seen93 Hash 0e78b1db7d662e95ae8c3506146b080a 9f1675c87a306e4dd45f84d0b7ac484ae506245e 6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2 Loading...

	nsw2u.com/doom-switch-xci-nsp	1.5 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 157fa981dff5ff917964313fbba03d2d 1aa04c903ded46845d9543aec84307b703f8bd2c 4e0fe885335c44d30707cf1ec7c92b478e8f7f36fc1fc54ba8d0028efac85b26 Loading...

	nsw2u.com/doom-switch-xci-nsp	294 B	2023-05-11	2023-10-30
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 18:42:32 Last Seen2023-10-30 14:42:44 Times Seen20 Hash f73754c10536a2e729f6d06f9e7f191f f69f394a68fcebecbce2ada0f6f8a91ffc077790 06dc51e59503bfca6c59b6050f0dba624b14358f3644d81a3f6605f6586151f6 Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	261 B	2023-03-07	2024-04-26
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-04-26 01:43:31 Times Seen809 Hash 045d9793bea2147d49e2091523bca32f add12c4d76b79a2ac35faec35f62d29a95aba30f e08353fd145bf9e8bfd944b3d6f4ccfa8ee927eda9209edeb5b1744e3b3a85b7 Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	2.2 kB	2023-06-01	2023-06-27
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:42:29 Last Seen2023-06-27 16:30:57 Times Seen43 Hash 3de232ed5e0fddf0b7075b35e4332aff 977a8a715289bd4faa668fc6e121118c47d29459 f249560705f5291630f39e96354dda7537d18184d21c77c2d4f8cd58d41c6e3a Loading...

	s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i	655 B	2023-05-08	2024-04-26
Pretty URL s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i IP 192.0.77.32 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 13:17:26 Last Seen2024-04-26 01:43:33 Times Seen652 Hash 5048b7bf6f335c259cae5d653d50726e 96f45044f726eef7c8e7c7f21f6368bf23a2b3f0 b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8 Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	146 B	2023-03-07	2024-04-23
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-04-23 20:28:20 Times Seen573 Hash 72f439fe6bf6582d8adf0d55188233de 378d954e6f18090933d44d706389c0c06a71be6f cef4c937f7ca9c40f6229250024c340ec4ddaf281d22416866f8a34b9cc933c3 Loading...

	c0.wp.com/p/jetpack/12.1.1/_inc/build/photon/photon.min.js	685 B	2023-03-07	2024-04-15
Pretty URL c0.wp.com/p/jetpack/12.1.1/_inc/build/photon/photon.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:05 Last Seen2024-04-15 22:34:30 Times Seen3122 Hash 24626ac4453bf45fe07e6c5d4e859fbd 9adbe5e7a5e1b5fb19aee82a9d765631b62ecb2f 5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.2.2	1.9 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.2.2 IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:49 Last Seen2024-04-24 15:47:38 Times Seen5483 Hash f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421 Loading...

	nsw2u.com/doom-switch-xci-nsp	77 B	2023-03-07	2024-01-21
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20:55 Last Seen2024-01-21 14:54:58 Times Seen68 Hash f486773dbb77eb5b9182557e3840f210 4a73976fdc72e2ef507a9a8b33ff2c9d40d8a1d6 5b297fb5c6efaf543008e21acb2090de623631fde2c2f64bd5da19682bb3fed1 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.28	21 B	2023-03-10	2023-07-23
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.28 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:15:53 Last Seen2023-07-23 15:36:34 Times Seen18 Hash 7b5568740085d86e99a5b2b3e3451cf7 0e46d43f176a16789e65b3a786fd418fec4d1c38 c1673ed04d0735a2c9fcfcb9c77d9f19e5fc6937feb503e99090bdc24ea0eea2 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-04-26
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 142.250.74.34 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-26 06:23:26 Times Seen21082 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	nsw2u.com/doom-switch-xci-nsp	270 B	2023-03-07	2023-11-02
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:12:48 Last Seen2023-11-02 10:22:11 Times Seen8 Hash ade5a653a6b3bba943c16a1935b02736 46f64238653dbf29a88d1ac29b92ffb0c0d191f3 20a1e80d1f33e16353ea76c30b348467e209fb19c35b788d814bacddd53b7acb Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	1.5 kB	2023-03-07	2023-09-30
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2023-09-30 12:22:55 Times Seen223 Hash 0c90870a9fede81d37a7ad747c981b3e 02e4dfb0177e11e6bc67118299d100d1c96ad788 1b452057bafde56e6ec3008fa7df1b0f06d9af1e9d6890e032f9e611cac727f8 Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.3.6	8.0 kB	2023-03-29	2024-02-25
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.3.6 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:25:58 Last Seen2024-02-25 19:18:34 Times Seen87 Hash e65cb4d4cd399c1b09798edfcea1b41e 49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2 d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b Loading...

	c0.wp.com/p/jetpack/12.1.1/modules/wpgroho.js	2.0 kB	2023-03-07	2024-04-26
Pretty URL c0.wp.com/p/jetpack/12.1.1/modules/wpgroho.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:01 Last Seen2024-04-26 01:43:31 Times Seen485 Hash c1fafcf478e9f5d874558524ddade40a e6aa77fbcc1bc2739f9f3742523b7ae623e9691c ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.2.2	3.1 kB	2023-03-07	2024-03-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.2.2 IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:25 Last Seen2024-03-04 00:51:51 Times Seen483 Hash 94279a9a0c4060a96efcf1da47716f86 ea88b3fd8b01a8b86edfd0f4120cc9a834893018 d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.28	22 B	2023-03-08	2024-02-26
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.28 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-02-26 21:59:00 Times Seen69 Hash 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40 Loading...

	nsw2u.com/cdn-cgi/challenge-platform/scripts/invisible.js	24 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/cdn-cgi/challenge-platform/scripts/invisible.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:49 Times Seen2 Hash d5a474b33d9ff5c463fb9f8f53f6dcfe 0fc051a3adf717b4390f20b43bb37141f62a3e78 d71207c8d00d27bd25a0ec0b8afc92491c0bc5445f3b2e129039166cb6674f45 Loading...

	nsw2u.com/doom-switch-xci-nsp	327 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash fdef078c9399b836db0a5684000d448a e7deb56d9ded1b50c3943ddb4f325beccd0b6acc e73cf02ad5140032787bea1285b7484c89d1416646077fd981df042e54de0b08 Loading...

	nsw2u.com/sandbox%20eval%20code	128 B	2023-05-06	2024-04-26
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-26 06:23:25 Times Seen21220 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	nsw2u.com/doom-switch-xci-nsp	328 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash bf6c3f465f74a4e51d21dfa120ef5add 1a4b35c9443628428f9bb93b8db40ffdf73739a4 2d8e51625bdd29c126e5451063b836be93006c9bb8db36f7016325b0b45f76b4 Loading...

	c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery.min.js	90 kB	2023-03-29	2024-04-26
Pretty URL c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:52:25 Last Seen2024-04-26 06:02:10 Times Seen102882 Hash 0e850a69bc7fd0acc2e92ce6eee87959 8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Loading...

	s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j	24 kB	2023-05-15	2023-11-01
Pretty URL s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j IP 192.0.77.32 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 19:50:26 Last Seen2023-11-01 14:54:58 Times Seen314 Hash 4704c1eb35424d96800d3c41a2442a39 bb2e6c029d5aa36ecebce1276f088dc30cd3ff65 780b61f483cfb44ee9881cbd362d41cf89609d401d12e9726e1471530ab14738 Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	87 B	2023-03-07	2024-04-26
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:26 Last Seen2024-04-26 06:23:26 Times Seen6011 Hash bd5f648f4fa75f28b17faffe66049687 c9c2791b295684a919a2bfd7b7e2ef5aab3c178a 1a4ba4a340b3f30596d32c1b272ddcfdbf3ccb8e89c2fa917ea60469017aeee4 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.1	4.6 kB	2023-03-07	2024-04-17
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:29 Last Seen2024-04-17 04:06:23 Times Seen887 Hash 3940eede2b6841663dddd9e946dec11e ccb59e18338a06a5f0168be0bd1677710f6d7bd4 b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935 Loading...

	nsw2u.com/doom-switch-xci-nsp	327 B	2023-06-05	2024-02-26
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2024-02-26 21:58:59 Times Seen19 Hash 0a55a8928cbca5bfac5a66c1723452e6 9f786632275f60fbb585193fa762b0dc5e711a51 7528db72a98a32805f731cc62e8a47bf9218f6e7d02183d9c77e73868e8884a0 Loading...

	stats.wp.com/e-202322.js	14 kB	2023-05-09	2024-01-25
Pretty URL stats.wp.com/e-202322.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 13:10:00 Last Seen2024-01-25 13:47:17 Times Seen6255 Hash 36a5287b66e9d145da53194a97a6245a 8569750e9f82d96f556d6f549cba940b2f316d2c ab8517f3d5171dd42a8b9c22af6a2f944b41d00e7ea54ba02b4ed71a6c59e543 Loading...

	nsw2u.com/doom-switch-xci-nsp	25 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 5532e2a99309e22cc9844ceaebd37e9c 56bdb34f16a9b3a096af59d548ed3e89fa737718 5d73c9f679d14a4c93e296ed31bf659ebdd05473ebbba33cd1c639b40ff6efc5 Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	31 B	2023-03-07	2024-04-23
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-04-23 20:28:20 Times Seen480 Hash 4157bf26a5609634f3f2c1a8377c9deb db23b4aed4cb5b8fea2e78d0568308d0b8bba67f 27b2ab69381ccff549a515e554b6255aa0d071150c1b9578714ebcf8c243ce85 Loading...

	nsw2u.com/doom-switch-xci-nsp	531 B	2023-05-11	2024-02-25
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 18:42:32 Last Seen2024-02-25 19:18:34 Times Seen25 Hash 40821d4e91d3a31a9389e35229622915 f8ba7dd9ac6fb3e00dcb67c271e21618199a1d67 726951036f66a7e3da01b64e1bdfc15d9fcb04cc3428a4f62117eb72c4eb49f9 Loading...

	nsw2u.com/doom-switch-xci-nsp	1.7 kB	2023-05-11	2024-02-25
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 18:42:32 Last Seen2024-02-25 19:18:34 Times Seen12 Hash 2fa2dec3b7dc63f6f484bc05c732b177 33fc22ce4ba19926b4317c9d27d02b5aa3be6d07 df44dc601860072657c4ba165bee686d1d1886431754f2263bbea5199e4fed6d Loading...

	nsw2u.com/doom-switch-xci-nsp	82 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash c16dd6c7cd4fff7986e3e90d9f4dbd8d 99adbceaf70a6a8799894944330b4fc767254f2b ddcf58714fdb795723155330e6e7ed6e8a72aa79075425448f4351915339c3ca Loading...

	c0.wp.com/c/6.2.2/wp-includes/js/comment-reply.min.js	3.0 kB	2023-03-07	2024-04-26
Pretty URL c0.wp.com/c/6.2.2/wp-includes/js/comment-reply.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 06:23:26 Times Seen29316 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	woovoree.net/tag.min.js	74 kB	2023-06-03	2023-06-06
Pretty URL woovoree.net/tag.min.js IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 00:00:41 Last Seen2023-06-06 12:49:30 Times Seen98 Hash 108831d56861ea0ee92dd3bbcb128e7c 35f1b3aae946f0ed3b5c607a30165f4eebfaed2b ada0b5209a666e8a22bb806893202d4ce19cb37ce808654a9fcdfb3261310e1e Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-26 06:30:58 Times Seen341812 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j	19 kB	2023-03-07	2024-01-04
Pretty URL s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j IP 192.0.77.32 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:49 Last Seen2024-01-04 19:38:18 Times Seen404 Hash 4ba6be1612fb7d972e306b40ca81c69e f438812921a7e44f4649a8cc1e0680f3b16350b6 7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	575 B	2023-03-07	2023-07-29
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2023-07-29 16:27:24 Times Seen230 Hash d14b696f639bf06fcf50f3a588bc54c1 c3fa02c02c3656a281222c14a7d664cc55bd05eb e5824f6c2d4c5605f1f879f7c6fc629a2c00a18a45e8b35ef549d9e59ddb7e2c Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	1.1 kB	2023-06-05	2023-06-05
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 47c7c7bf53ec0c03b2ae5ae9d0cc9deb 93d1a56320fab1cdfaa028bf873675f1c9b5a2fa 9582738d3fdc9725c257cc44d3c24372a209d4ef079171042f464fc7c7a684aa Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	433 B	2023-03-07	2024-04-26
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:53 Last Seen2024-04-26 01:43:32 Times Seen416 Hash a5d5dbc6c924c130e19a4bbb0bda501e f9e86bc281d8428ab5138ad9bbefcedefdc3fa6c 55a522308c2e64b1b37e362dd7525887e36dddd1e313df2cc67b26f993ebb8e0 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115	880 B	2023-03-07	2024-03-22
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25:13 Last Seen2024-03-22 06:13:54 Times Seen165 Hash 88744222f59f4700c6bc9212e12a653c df0bf43d60bed605eabbcb2776e0fbb46f1d1c05 4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.2.2	7.9 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.2.2 IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-04-26 05:38:05 Times Seen3252 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

	nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679380905	11 kB	2023-03-08	2024-04-25
Pretty URL nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679380905 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27:25 Last Seen2024-04-25 19:45:26 Times Seen5617 Hash 94bc4228bb5941670e191e40a6bc44bd ad06418894462185e7eecc1421310f552e1e5e36 5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527 Loading...

	nsw2u.com/doom-switch-xci-nsp	59 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 85b98f423eaf5b22f8fb3766bb6fc90c b242f93116cc6a944cc3485c25cfe80e3ae9df15 24b2da18eaf570b1f217d99f80ce58f002a203f0872ab0aa18e34f3da90c3295 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/1difh1hx/6x2u.js	3.9 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/1difh1hx/6x2u.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 447f353fba7053988d94f36f1d8c2460 5f80623142f265e96378fd214c484075d9a0b977 0d99482835941c91b2c9dea45d1092f4cb2ae033e6f4797614fd86581a9a446f Loading...

	nsw2u.com/doom-switch-xci-nsp	447 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 0740617092675b8de802bebcab069793 37297696fb107283a9f28c9ff6b62e9a4ae41a17 d5072c7c5b854208cf4ef5456747f94185b240858b31c735ae76595e3c0bfe60 Loading...

	c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery-migrate.min.js	13 kB	2023-03-07	2024-04-25
Pretty URL c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:52 Last Seen2024-04-25 14:51:24 Times Seen76208 Hash 5cfa2b481de6e87c2190a0e3538515d8 0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Loading...

	nsw2u.com/doom-switch-xci-nsp	57 B	2023-03-07	2024-04-26
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05:01 Last Seen2024-04-26 01:43:32 Times Seen759 Hash d77da3c7eb06c88002d0a71f5871b32d 4bc85e9a6d37969174c7683858d8b3e135391e24 598ae4650a5f41a182576c1295a6d4c2439c16437d9e8a5f992cee5fa9cb1668 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=2e29137590434abf5fbe	2.4 kB	2023-04-16	2024-04-25
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=2e29137590434abf5fbe IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-16 17:25:02 Last Seen2024-04-25 15:09:14 Times Seen1520 Hash dbd2c18733ff907be35d6ce7012cda58 ab99ef32c7c79407b2781a0b2d492fb9b00467f9 c8be1269a134d7df5a75a02b0fce70d409e6d6984554acef232eabdaa4c39d66 Loading...

	www.googletagmanager.com/gtag/js?id=UA-262573192-2	122 kB	2023-06-05	2023-06-05
Pretty URL www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen2 Hash af458cb325013ac8ffb5ba72eff2c257 ed411ee94f6535007b1fe7c33ee174d0a2064c07 6efaee0a208f530d16a2040d6c83fccae723ef753b0d6669f5c441cf0a948f83 Loading...

	www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c	203 kB	2023-06-05	2023-06-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:49 Times Seen2 Hash c9741d8b0f42f70088841fcc09994ffd 83d4de7a21429fd6c6c768ab250d3b8b147ab952 e0864ca29fd42e0e6dfe87a69f626eafbd12b7e5317d23eb7be57e90f42691dc Loading...

	0.gravatar.com/js/gprofiles.js?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e	26 kB	2023-06-01	2023-08-06
Pretty URL 0.gravatar.com/js/gprofiles.js?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e IP 192.0.73.2 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 19:13:25 Last Seen2023-08-06 05:57:10 Times Seen440 Hash caf0f706328fcd249a7fbeae23b0a62f 6e2d57c57b1603ffc814a9808a880618a2b36a44 a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	441 B	2023-03-07	2024-04-26
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-04-26 01:43:33 Times Seen873 Hash 23ca0b3a0fde2fc9a555587728c5957c 7f0efa6919fb0217494430cb6bf1d363de29cb22 bf6041d623e98d8ce3224e766a2c61ac436ddefaab7f3363096553c1eb553114 Loading...

	nsw2u.com/doom-switch-xci-nsp	144 B	2023-03-07	2024-04-25
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:48 Last Seen2024-04-25 22:19:47 Times Seen1092 Hash 9e60c60d1ac13537d561b60bd92a94de 185933689964a81f1eb8c3858783ad5127b9a6f5 912b0476e0fe39e642fa3ca9c200ef83d008d7a0b2c110cc787c4ef5f16b8ef6 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js	124 kB	2023-03-07	2024-04-11
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:57 Last Seen2024-04-11 16:24:48 Times Seen148 Hash 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb Loading...

	nsw2u.com/doom-switch-xci-nsp	182 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 844286c7b9cbc50377dc1231f283e4a1 f7fbc78e11f9368f90d0dfa3dfd4bac3fcf1565c 07367f21c27856f2c5887272d0b1c43b30ccdad84c320fb490a5fe4a0e68dd03 Loading...

	c0.wp.com/p/jetpack/12.1.1/_inc/build/sharedaddy/sharing.min.js	8.8 kB	2023-03-25	2024-04-21
Pretty URL c0.wp.com/p/jetpack/12.1.1/_inc/build/sharedaddy/sharing.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:47:26 Last Seen2024-04-21 15:18:29 Times Seen1432 Hash fdf202abd4476fbb38a872c322fe32b3 d728b2a9cc4a0875c901aa602a3920b198922b54 9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.28	23 B	2023-03-08	2024-02-26
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.28 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-02-26 21:59:00 Times Seen67 Hash e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63 Loading...

	nsw2u.com/doom-switch-xci-nsp	79 B	2023-03-07	2024-04-26
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:29 Last Seen2024-04-26 01:52:40 Times Seen644 Hash ab1b0ef42311479d7559bffd29ef8d7d ba1509057a5f82563a2b55a7379f4825fe35bcab 37bf8b4db5288941c20c28fd7c0b201d2270201a94739d64462744ffe6b52f79 Loading...

	nsw2u.com/sandbox%20eval%20code	147 B	2023-04-11	2024-04-26
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-26 06:30:58 Times Seen342311 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp	2.8 kB	2023-04-12	2023-06-26
Pretty URL jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-12 16:39:53 Last Seen2023-06-26 14:50:50 Times Seen63 Hash 8d53125a2fe9b8c05ea1bd551745bba6 e007f7677ee7d55f3ed7825632cf5c4de137e592 da419e897802a769fed04005e2ae26c9daa2257d017ed1b464009abb4bbd44df Loading...

	nsw2u.com/doom-switch-xci-nsp	70 B	2023-03-08	2024-04-24
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 07:05:06 Last Seen2024-04-24 21:59:04 Times Seen85 Hash dab1184244d47ac25667c940eff90dfc 6cd473b92e1956bd305f0056a46f18b6a4dfd80f 071ab71aea40b26ed6bb74deeb4fb203bd381f3e418588089f4a46d36b3daa07 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14	9.0 kB	2023-03-07	2024-04-25
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2024-04-25 15:09:14 Times Seen2753 Hash ed3b4417df0895e4cf8465d32b69adc6 a63d0bad2dcb235c62a843eb3e8506e8931cede0 9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.3.6	3.9 kB	2023-03-29	2024-02-26
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.3.6 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:02:17 Last Seen2024-02-26 05:33:40 Times Seen141 Hash 87015559c535c9314bb1a8d6ed05597e b9e3b22a2bd7457d044551d5126a29bae25489a9 e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.28	110 B	2023-03-08	2024-02-27
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.28 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02:15 Last Seen2024-02-27 14:10:33 Times Seen52 Hash b7d8aab20ec0137a23e4ff03411bd06c bd7e901bbf5968d13abb3dee762244715541bdfe 651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448 Loading...

	unknown	361 B	2023-06-05	2023-06-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 2d74358f4d9b03071904a17ea40811e2 6caf6b7a6f980af2837782bcce1effeee63003f1 5cf368066fbfd6380fa5daba2f1dde949d82b0f28fb68d0d6f5ec536e05bb8d4 Loading...

	nsw2u.com/doom-switch-xci-nsp	244 B	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash c5e3c56db4d0c97c9378273b38c04afa fc2ac9428240972f4e601c053a57137d81c71389 b10b651a229fba78bf2e45462d82c40ea64d0b296f773f071da794c82c968de4 Loading...

	nsw2u.com/doom-switch-xci-nsp	102 B	2023-03-07	2024-04-21
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:17:28 Last Seen2024-04-21 15:18:30 Times Seen742 Hash 022fc06d2e8ac6dbbb4131af64e32ee2 7db3d6ac8ebd56f614da701fd7f3b20f8d5b1c0f 332c9e04ae54dd9ed509d89de9d9d5ec5ff40342593632fc4e0c034667aaee77 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206	2.3 kB	2023-03-07	2024-04-17
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:41 Last Seen2024-04-17 14:52:08 Times Seen310 Hash c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500 Loading...

	nsw2u.com/doom-switch-xci-nsp	1.5 kB	2023-03-12	2023-07-21
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 08:01:59 Last Seen2023-07-21 15:29:25 Times Seen9 Hash 8f754477f11c7ef30f09468536668d89 4bcbb751bf7bd6d6457731f5241ce8ebe2a51b02 d385ac8572dfff818305f65ec4d9178f3b554f9599d92ed5ecf7842b211ca630 Loading...

	nsw2u.com/doom-switch-xci-nsp	2.9 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 2322f1a9678b8bf6a2a97c044aa47bae 6545796616f5ce302b15e6a3956cdebe61ca2fda 1198083574347d30ccb6b99dbd9199c0bfb613516ec7eb1ff3b1375e75e65192 Loading...

	nsw2u.com/doom-switch-xci-nsp	80 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash cccb08ab6319921f0c12e462b6df4a44 db71d9b5048c22251c69855f15d90e5f02d24248 73557492dcec89126fd834e6ac14a331bc4ebe79392aeeef9e7391e879c1c0dc Loading...

	s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j	42 kB	2023-03-07	2023-09-30
Pretty URL s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j IP 192.0.77.32 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:07:48 Last Seen2023-09-30 12:22:56 Times Seen282 Hash a38c5731b06a34d75d5eded37e05cc60 fbd73b4f1fb9e7137d1ef48e920801818e3afb2a 822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c Loading...

	nsw2u.com/doom-switch-xci-nsp	53 B	2023-03-12	2024-02-26
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 08:01:59 Last Seen2024-02-26 21:58:59 Times Seen23 Hash d3ead7e34b8fbb76cb63a9a39943859e 63fd3f10bd402ea5cc976e7bb1a45094edc3c9b7 9e66e7b215400aaa09d635b39effef5986bfb2e86a789c6fd4b8b36ffa52ba09 Loading...

	nsw2u.com/doom-switch-xci-nsp	116 B	2023-03-12	2024-02-26
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 08:01:59 Last Seen2024-02-26 21:58:59 Times Seen23 Hash 4733472fadbcf993b031e917e8c1a8bb 25a0a1bbaaefc39004ab2d28cfa0291c2920c8d3 2d901063b6ea17df1dac8e5cdcdecd6359fe0c8613a456bfc1f3b15b03dd5143 Loading...

	nsw2u.com/doom-switch-xci-nsp	1.2 kB	2023-06-05	2023-06-05
Pretty URL nsw2u.com/doom-switch-xci-nsp IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash d52d9ec9e7dc9977ca2cc969cb3622c0 5687636738fd3875a72b72cbd5955bfd724d4a1e 1aa73eb16aa0d92dddf537585f2774c04705f0aa61b812ea73ff842b74b82da7 Loading...

		Size	First Seen	Last Seen
	#1 Eval - bc8b8a7d894aeb6d12fdb927a7ac85f6	2.3 kB	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:45:28 Last Seen2023-06-05 21:05:52 Times Seen6 Hash bc8b8a7d894aeb6d12fdb927a7ac85f6 58910ab94fb8a56bca63eb1ef59d5398114fd5e9 66557ac8e87f1dc72a4d595632fa1f7d866286fc858ab55674f0d78076cf0de7 Loading...

	#2 Eval - 5ee46fcb49122368c6327f1831f62d69	542 B	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 5ee46fcb49122368c6327f1831f62d69 ffa1a2489f059eccc403bc22179113d6f9482592 5913907f796ab86d260afd9a03d74bc2d28719fdfeff8ea3307f84f91989c2e3 Loading...

	#3 Eval - 9005f5389037d4c78f8ec41e834ef404	6.3 kB	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash 9005f5389037d4c78f8ec41e834ef404 9a8a9c42aed7c6423bc5fe47c2b9adeda09f9c9f 14c97e8b25944d08cb3e55c60a6ef3d75a2557baa618e06bd4811d95a8df606a Loading...

	#4 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-26 06:27:34 Times Seen349970 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#5 Eval - 0dd93237635fa54ebaf09f94a6604ee8	1.0 kB	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:18:20 Last Seen2023-06-05 21:05:02 Times Seen4 Hash 0dd93237635fa54ebaf09f94a6604ee8 5ebfce23db009d9c6f304e4a569eb03f06635999 8f309a97d7667cb812c888132e32a42467894333e6ce0acb62655be20edd0718 Loading...

		Size	First Seen	Last Seen
	#1 Write - a2ac7dfa66b8c48aff22179c50ecd920	120 B	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash a2ac7dfa66b8c48aff22179c50ecd920 80912a54af05f4d05f47bb53f1776cbf562ed38a c48ee549c67b3737e85e4b5003f0679a4fbc1052d1d03cd1bde08b7bf5f7db0b Loading...

	#2 Write - d91546d31e2bf18730a6ce580305c2fd	120 B	2023-06-05	2023-06-26
Pretty Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-26 20:11:27 Times Seen2 Hash d91546d31e2bf18730a6ce580305c2fd c01f11d0dbecd09d4a10b77faedc7496898c348f 06ce0664b04ce1f6521417d6d88f89a18b9dcd4abdb970da4d5c286b601b2ecf Loading...

	#3 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

	#4 Write - a65105382a9a614878875ba1f34cc004	120 B	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 20:48:48 Last Seen2023-06-05 20:48:48 Times Seen1 Hash a65105382a9a614878875ba1f34cc004 82c6645b7f766fa3ed3c1b9863de0fb6a663cf6f 904630be80c4736c1ae68b37e7e5eb9522ea65fdbd35de2410f04703fa131f84 Loading...

HTTP Transactions (148)

URL IP Response Size

nsw2u.com/doom-switch-xci-nsp

188.114.96.1

403 Forbidden

4.5 kB

URL User Request GET HTTP/3
nsw2u.com/doom-switch-xci-nsp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3311)
Size
4.5 kB (4470 bytes)
Hash
052918e4206bb9aff518e10bfb4c2644
2059a7d3a13407f7cc55922922156774e48543b2
9eb461569c21eeb8427a01efb2decd9ea330c79480212b1c52325ae2ccc19c46

HTTP Headers

GET /doom-switch-xci-nsp HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 05 Jun 2023 18:48:22 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ySWHDrPjHARPiEHyqUFsUo8AbKoHc3TcbBherYTGnb78sIvKCyCTZNmw4fEPgeu1GrC3HuY88Vdt9B7AQoFLzq2rcp5e3Vt38xsLikZoz3nZmbzJRB62JcWAmoQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2a96e349bcb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2a96e498b5fab8

188.114.96.1

42 B

URL
nsw2u.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2a96e498b5fab8
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2a96e498b5fab8 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/doom-switch-xci-nsp
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:22 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 30 May 2023 15:20:42 GMT
etag: "6476144a-2a"
server: cloudflare
cf-ray: 7d2a96e64a38fab8-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 05 Jun 2023 20:48:22 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

c0.wp.com/c/6.2.2/wp-includes/css/classic-themes.min.css

192.0.77.37

200 OK

291 B

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/css/classic-themes.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
291 B (291 bytes)
Hash
1a0804b1a9d09705657f91fe7cad4c5a
feeece6f0b3e0bcf090547c475329a2772f6b26b
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

HTTP Headers

GET /c/6.2.2/wp-includes/css/classic-themes.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
content-length: 291
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

188.114.96.1

200 OK

16 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 15 May 2023 23:42:50 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fP5l8QT5Lp%2FnuoqmPw6vXeOJzQ5v%2BVSsK%2FP5DaLIgQ7pWtfCIdvZn%2B6psaNDLhvuzz8zGmsWSeEr5VW%2BOs5YLGVJjwmx0TiFr8HH63xnX5%2Fd%2Bz3UsQWkDZOXkFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97026e9dfab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

11 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10874 bytes)
Hash
55473ced46ee7b2c3ebfe99006c8fcbc
c4fcc42638388d595c03927b0661ecbf7ad69678
53981062ac0743bf339898075ec08151de47c5b0fa9039b708bd80e679f668b5

HTTP Headers

GET /images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 10874
last-modified: Wed, 17 May 2023 13:16:59 GMT
expires: Sat, 17 May 2025 01:16:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "60e070fa86c100a6"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.28

188.114.96.1

200 OK

21 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.28
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7b5568740085d86e99a5b2b3e3451cf7
0e46d43f176a16789e65b3a786fd418fec4d1c38
c1673ed04d0735a2c9fcfcb9c77d9f19e5fc6937feb503e99090bdc24ea0eea2

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.28 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
alt-svc: h3=":443"; ma=86400
expires: max-age=A10368000, public
last-modified: Fri, 14 Apr 2023 19:16:18 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0toqFIGlYbtbZ4PHkPZ%2BXbbXP5O5QHNDzftqPQpGc3Xrdin%2BqBWW8PsBxxtL%2F7G0ikwNXeupsrYdmhLpvO7b3zlDn1sDjk7JqETNX7tLuSI%2FMZhNxq3ZuAogk04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702df09fab8-OSL

nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png

188.114.96.1

200 OK

95 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 14 Apr 2023 19:16:17 GMT
vary: User-Agent, Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypF6Yzg8Uzxu9rZv0ItxeIzdTb4KsmsixA1AKo2z8noCAZboFrLLGRZIwNTrO3CrNLcjmJNCspSea9ukETqqIyPtq1PRIC28aSvRzJ2OsNKAoLe9yGqUW8VPCMQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702df0afab8-OSL

nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.28

188.114.96.1

200 OK

22 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.28
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.28 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 14 Apr 2023 19:16:17 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdM%2FFnVstSlOTpwEXvXkI0Jn3Q2gHUzEtcspfpb9i5opSvce9uwSghYiFZtlz1j13m%2Fm%2BrnnV7Jq7PcwT7tKVqWM5ts4gX5IAkI1qD0p1Ka1NIz8Nqjqes6GgNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702df0cfab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

14 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (14008 bytes)
Hash
2d0de84889daf001d4fe25311de7c748
438167bbd8a4da998c94107a9da9a885e60c9b35
5e05c163fb80b4076fa2986037c539ddc56d2011e5fc44f60bd0a0910f2de20e

HTTP Headers

GET /images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 14008
last-modified: Wed, 17 May 2023 13:16:59 GMT
expires: Sat, 17 May 2025 01:16:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "eb9b1bb61c41d633"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1

192.0.77.2

200 OK

32 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31608 bytes)
Hash
3dde27351094fd110611b7099df7612d
1f8633afc647ab96114d9cd7b87b2e1bd9d73fae
f7118208621987432e4309b2429b3ca26191166ec2b5b4dfab15204958f9de33

HTTP Headers

GET /images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 31608
last-modified: Sat, 25 Mar 2023 13:28:37 GMT
expires: Tue, 25 Mar 2025 01:28:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679750390/4e99e8e1/38826367.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5948b74d64865dea"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1679738619/4429b61e/38826218.jpg?ssl=1

192.0.77.2

200 OK

24 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679738619/4429b61e/38826218.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23824 bytes)
Hash
0d5d00d2bddc5fc46b487ee7526be1b1
70f1125a9b148ca9ca45b8150bb0d9e64446d405
d2846967d75c27d3e1693d3f91532d1bfbb6750bcc1c544d3d9e200c34b5b3ad

HTTP Headers

GET /images.vfl.ru/ii/1679738619/4429b61e/38826218.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 23824
last-modified: Sat, 25 Mar 2023 10:05:58 GMT
expires: Mon, 24 Mar 2025 22:05:58 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679738619/4429b61e/38826218.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ffe38a63a8792d3c"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/03/The-Last-Spell-GoldBerg-PC.jpg?ssl=1

192.0.77.2

200 OK

22 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/03/The-Last-Spell-GoldBerg-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (21598 bytes)
Hash
92cbf9f8ad7b96112ce683c394cfdc91
a529da1890b74e024926b93070329875c2269e3d
9a7588c1f43249cfda1bc2d0903f2072f9237208c427ede323b4d2738323f8e6

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/03/The-Last-Spell-GoldBerg-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 21598
last-modified: Wed, 24 May 2023 00:17:23 GMT
expires: Fri, 23 May 2025 12:17:23 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/03/The-Last-Spell-GoldBerg-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7308288dd0a397e9"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1679707845/154521c0/38824712.jpg?ssl=1

192.0.77.2

200 OK

12 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1679707845/154521c0/38824712.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 549x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (12042 bytes)
Hash
10a8a711c6faa0d08703483686e5b8f7
fa2a6bbfa09a005d6c900c354301c42856e11d96
c010cae4bd876aded1ddef373f4b06fb6501f4258766ea2a1d225a18580ecb0c

HTTP Headers

GET /images.vfl.ru/ii/1679707845/154521c0/38824712.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 12042
last-modified: Sat, 25 Mar 2023 01:33:02 GMT
expires: Mon, 24 Mar 2025 13:33:02 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1679707845/154521c0/38824712.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "c4584129a86ae2c1"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

10 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10442 bytes)
Hash
79b891d5bcb9e78dd5305869191dcd3d
dde0f92b92e027e9c606728ece6576923cbc52e3
d6edc51ee1a374d31a5e8b8d0520e0760b8338aab27ccdf2aa30a6a8337679fd

HTTP Headers

GET /images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 10442
last-modified: Mon, 15 May 2023 22:03:02 GMT
expires: Thu, 15 May 2025 10:03:02 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7156d99e3892042c"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

12 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11726 bytes)
Hash
aa6aea40861f4e4163b87b450cde9c7e
a88ede460723f410745c4b2451a2031550545b2e
eb9b54ea9bf370a939ae445f9a413474174f65ecff82f1dae7e09cb40687bb5b

HTTP Headers

GET /images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 11726
last-modified: Tue, 16 May 2023 17:52:37 GMT
expires: Fri, 16 May 2025 05:52:37 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "0f945ea115012a60"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1

192.0.77.2

200 OK

2.7 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.7 kB (2734 bytes)
Hash
ae58f5f8d93958f30ee4edffe1e3c6bb
7957b10b6f0faabd5ffc655a9698ca0bbc6bd708
dd21bb2f24c912107f1df2b4f6adc9ac747047e1c911a4f5319aa8966e532f1c

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 2734
last-modified: Fri, 28 Oct 2022 09:04:59 GMT
expires: Sun, 27 Oct 2024 21:04:59 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "ab7fb3ec3d012ba6"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

7.8 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.8 kB (7818 bytes)
Hash
be07a3f2db2eace56f7df3f78894fca8
8e65dbde4ea2283e2bcbb7d0d911ef861142d403
6845300d33cae612d9492b78ead6b905dc8a767f85a31676a4edceb40127845c

HTTP Headers

GET /images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 7818
last-modified: Wed, 17 May 2023 13:16:59 GMT
expires: Sat, 17 May 2025 01:16:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "cfc6705945ce67d3"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

7.8 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.8 kB (7762 bytes)
Hash
e7baefad47d6e5eba8c00e698ec40a9b
2ae1da7acfe323e61bb8591bf4e21718eec0a07f
dcc5fbc1a06a25afada7603483c9bd22dbb18912e9f04b84bf58ba049ec27b88

HTTP Headers

GET /images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 7762
last-modified: Wed, 17 May 2023 13:16:59 GMT
expires: Sat, 17 May 2025 01:16:59 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "35c83120a522250c"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

6.6 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.6 kB (6586 bytes)
Hash
a8b7bd9d71982a5d6ccdba5d85599d82
5f016a731c8a7acb86f11f65d1d1ac39684bccde
1b4ab922121786f4c16ddb863b08b91d3c4fb9caba7ad5e7339c823d362cb1ff

HTTP Headers

GET /images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 6586
last-modified: Wed, 17 May 2023 09:09:41 GMT
expires: Fri, 16 May 2025 21:09:41 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "62f6acd8ad9d53ed"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/04/Card-Survival-Tropical-Island-v104k-PC.jpg?ssl=1

192.0.77.2

200 OK

14 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/04/Card-Survival-Tropical-Island-v104k-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13678 bytes)
Hash
410f75c51e485a92a4098f7445c4475b
548fcc333f432bd29c3c97cee7da741edc3ba799
90897b670aaf6e92a9996bc5b7c790b6ba8297f1ed722f2f179521d3847811c7

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/04/Card-Survival-Tropical-Island-v104k-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 13678
last-modified: Mon, 29 May 2023 12:07:38 GMT
expires: Thu, 29 May 2025 00:07:38 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/04/Card-Survival-Tropical-Island-v104k-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "839b70c5a6b17157"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2023/05/Absolute-Drift-v253b773-PC.jpg?ssl=1

192.0.77.2

200 OK

6.0 kB

URL GET HTTP/2
i0.wp.com/game-2u.com/wp-content/uploads/2023/05/Absolute-Drift-v253b773-PC.jpg?ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 241x339, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.0 kB (6024 bytes)
Hash
7f3069a9095359a32d3eff2f9e5339df
9e40b86f9c5773256f33c0f4d5fd72a91bce2156
351fb05724f4df4fe8472b3e8f8e9141cb217f6bfc1e1ca0b64a53ffa5385ca1

HTTP Headers

GET /game-2u.com/wp-content/uploads/2023/05/Absolute-Drift-v253b773-PC.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 6024
last-modified: Mon, 29 May 2023 12:15:09 GMT
expires: Thu, 29 May 2025 00:15:09 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2023/05/Absolute-Drift-v253b773-PC.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f7f279af8bc4a343"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1

192.0.77.2

200 OK

9.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.7 kB (9702 bytes)
Hash
1bb636cbc4bf45105ea09f678ec75095
95ab741b213cdf879782c361d4b305eaa169627d
bab239986bea594efd10c82ca1bb36dab2fd45a75c18448c6ba963cc59ab41a6

HTTP Headers

GET /images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: image/webp
content-length: 9702
last-modified: Tue, 18 Oct 2022 22:29:18 GMT
expires: Fri, 18 Oct 2024 10:29:18 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "3fe814ac9b579a80"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.28

188.114.96.1

200 OK

23 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.28
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
23 B (23 bytes)
Hash
e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.28 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 14 Apr 2023 19:16:17 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0Gy6dI3w7STwK6l%2BvTmlOWrJKfCSx7X6TD9KxJCYZhr0XPC%2BSbLY7VsnGSclPr4NHu6LtRmpsvUxQv4sZoMk%2FW4%2FZJ%2B8FAX7v0hiPEVtcP4NGqGxRZd3YS0ZwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97031f4ffab8-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.2.2

104.17.25.14

200 OK

1.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.2.2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3036)
Size
1.1 kB (1101 bytes)
Hash
94279a9a0c4060a96efcf1da47716f86
ea88b3fd8b01a8b86edfd0f4120cc9a834893018
d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.2.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 512522
expires: Sat, 25 May 2024 18:48:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utPkviu0IDMOVPBTNbKrbDGg5hWQgR87of3ORtVMg%2BDWZwbZNjHJ1rNLW0x3LTB5ix9gAyP%2FbeAVOIuDzTgw4hC1u0bDNT3gqD1H%2FP41nSI0x1oorpvDAaNBl%2FGtA%2BviD8rptXmD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d2a97036f310b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.2.2

104.17.25.14

200 OK

677 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.2.2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.2.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1478003
expires: Sat, 25 May 2024 18:48:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qjgyg9ZzUHrXkTlX7iy84jAjG%2BQqNOewmToYScroDCzch4y%2FsOCAkhp7fA%2Bp2oMrZhrXgNbuDb55pnzuJNXE2S9yfNsUH0mNVDa0CpylAMVjLnWMw1lEhQlW6FHdMLTTDyCCUxqR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d2a97037f3a0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.2.2

104.17.25.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.2.2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.2.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-1ed1"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6982864
expires: Sat, 25 May 2024 18:48:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SljZxi50O3X1RTmywqHsA31N9tfyxlJfcTIi8GUILB8EiwPMnnYVd2vsULyjcOpKowZvBJiYxDDAU4Yq9YJQoJNx90%2BEKh5%2FiwPsD329JJ%2BcGWLn%2FTW66XHstay2xFbDdO8v52TK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d2a97036f360b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
793e96f16cfbafdfdfd065788089310e
d306bdb5e8a019aa638d23cd45513e1310e5b53e
ff417cdcfab1cb1e2a6d3793ed1a81ad9823c3d91d919cbec3a8d333832a275f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-262573192-2

142.250.74.168

200 OK

47 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (2271)
Size
47 kB (47367 bytes)
Hash
af458cb325013ac8ffb5ba72eff2c257
ed411ee94f6535007b1fe7c33ee174d0a2064c07
6efaee0a208f530d16a2040d6c83fccae723ef753b0d6669f5c441cf0a948f83

HTTP Headers

GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Jun 2023 18:48:28 GMT
expires: Mon, 05 Jun 2023 18:48:28 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Jun 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47367
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/wp-content/uploads/2023/01/5053309-scaled.jpg

188.114.96.1

200 OK

165 kB

URL GET HTTP/3
nsw2u.com/wp-content/uploads/2023/01/5053309-scaled.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Freepik Company S.L. - www.freepik.com], baseline, precision 8, 2560x1707, components 3\012- data
Size
165 kB (165425 bytes)
Hash
6852b036e1ca6706dfd08adb9c453a3a
a6ad87ebc00f7a3b1b7bc7b973fbb9d2d63f6cc4
f604e7f73dba65231360db90d84583e729f20d58f4b03b8e17c799e0a575c09b

HTTP Headers

GET /wp-content/uploads/2023/01/5053309-scaled.jpg HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: image/jpeg
content-length: 165425
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 03 Jan 2023 15:01:38 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34026
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERTdAqwUERGjgRedOk5qLedWSCNsKfzXHw3%2FJuorZwx22UymkQhZ9wV%2FPHrvP1dCrLyukgpi3zUTMlqGNu%2BleeIdPNg9jJ9f%2F8ndxLEKj0ZCGCLu6j4Aa4kNFLo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a970a0e44fab8-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
793e96f16cfbafdfdfd065788089310e
d306bdb5e8a019aa638d23cd45513e1310e5b53e
ff417cdcfab1cb1e2a6d3793ed1a81ad9823c3d91d919cbec3a8d333832a275f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

188.114.96.1

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/6x2u.css
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 16 Nov 2022 18:49:08 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 32870
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XjcGfQsY9HxU%2B0KnX8aprIk9dqTcDpXo5X49yybq1CZZWfwMP9QmrMRmYGnorp0ux5XKcuA9HAn0S8WDOIvcSAYyG%2Fl6b1gFK%2BQzcWCUy4j%2BXuEnYrgJ%2BR9RILo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a970a5ea5fab8-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Size
48 kB (48412 bytes)
Hash
31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 11:49:35 GMT
expires: Fri, 31 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 370733
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.14.101

281 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
281 B (281 bytes)
Hash
c63c6f88cdb62edd111c712a547955dd
ae8f5a62272f21843d673259a8029260740a85d5
b5f1028dd6a066a4ab42e756d4e143d151f06df0fde36b8f5515ea6d1aee79bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 18:48:28 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Sun, 04 Jun 2023 16:43:17 GMT
Expires: Sun, 11 Jun 2023 16:43:16 GMT
Etag: "ae8f5a62272f21843d673259a8029260740a85d5"
Cache-Control: max-age=512058,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d2a970af9a6b521-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.wp.com/e-202322.js

192.0.76.3

200 OK

78 kB

URL GET HTTP/2
stats.wp.com/e-202322.js
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
78 kB (77817 bytes)
Hash
36a5287b66e9d145da53194a97a6245a
8569750e9f82d96f556d6f549cba940b2f316d2c
ab8517f3d5171dd42a8b9c22af6a2f944b41d00e7ea54ba02b4ed71a6c59e543

HTTP Headers

GET /e-202322.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 02:56:42 GMT
vary: Accept-Encoding
etag: W/"6466e56a-3508"
content-encoding: br
expires: Sun, 26 May 2024 21:54:49 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.1.1/_inc/build/sharedaddy/sharing.min.js

192.0.77.37

200 OK

37 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.1.1/_inc/build/sharedaddy/sharing.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8793), with no line terminators
Size
37 kB (36759 bytes)
Hash
fdf202abd4476fbb38a872c322fe32b3
d728b2a9cc4a0875c901aa602a3920b198922b54
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

HTTP Headers

GET /p/jetpack/12.1.1/_inc/build/sharedaddy/sharing.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.a-ads.com/a-ads-banners/452146/728x90?region=eu-central-1

136.243.3.135

200 OK

34 kB

URL GET HTTP/2
static.a-ads.com/a-ads-banners/452146/728x90?region=eu-central-1
IP
136.243.3.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.a-ads.com/1535207?size=728x90
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
ValidityWed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90\012- data
Size
34 kB (34060 bytes)
Hash
abee5b951901db7d5808cc14c1803f86
6abd0ca0c0d8ceba10b0105d92f54e3e32e0f9d9
df3f1522e3c1cfad89800cef7a2a5b3287cccf8efaf9b509153f5481a3bc5210

HTTP Headers

GET /a-ads-banners/452146/728x90?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: image/gif
content-length: 34060
x-amz-id-2: W8d57SyUuhRyWOJS7mXyUCZDXWVyRf9i6jJBU2Xf1jtJM8isbyHutYNFg55AVgR8I5ZRvraZXEI=
x-amz-request-id: ZJAVP4PZ2ECRJPDW
x-amz-replication-status: COMPLETED
last-modified: Sat, 29 Apr 2023 12:10:47 GMT
etag: "abee5b951901db7d5808cc14c1803f86"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: 76whst7qvmX0l_vkmSfQJ7pFURrIqrZI
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

ad.a-ads.com/1686449?size=728x90

136.243.3.135

200 OK

17 kB

URL GET HTTP/2
ad.a-ads.com/1686449?size=728x90
IP
136.243.3.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
ValidityWed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
17 kB (16804 bytes)
Hash
648eadbf05dae197e9d5a700c1a32e70
1396c72180081f4d4fa145ee1ef6a4f313d8044e
316f6dbc6739736c422ed3113790f0f77cca059f927dc3d5039d3617d10b3a0d

HTTP Headers

GET /1686449?size=728x90 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://nsw2u.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2

1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=monsterid&forcedefault=y&r=G

192.0.73.2

200 OK

1.0 kB

URL GET HTTP/2
1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=monsterid&forcedefault=y&r=G
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 25 x 25, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 kB (1028 bytes)
Hash
fed546357e9f16dd0ee47c7ee5846ef7
eb4a7277c8e1360d0deb902644838f27a21b42de
3e75955919222f7160538b335b7cdb2b302136521aed489ba5c96e1c2bf3ab5a

HTTP Headers

GET /avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=monsterid&forcedefault=y&r=G HTTP/1.1
Host: 1.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: image/png
content-length: 1028
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=monsterid&forcedefault=y&r=G>; rel="canonical"
access-control-allow-origin: *
expires: Mon, 05 Jun 2023 18:53:29 GMT
cache-control: max-age=300
x-nc: HIT arn 4
accept-ranges: bytes
X-Firefox-Spdy: h2

0.gravatar.com/dist/css/hovercard.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

192.0.73.2

200 OK

2.5 kB

URL GET HTTP/2
0.gravatar.com/dist/css/hovercard.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8294)
Size
2.5 kB (2547 bytes)
Hash
d0aea95f4f393faab7ce633f634f10a7
0fca663548f134a918865d2d73b729edf1ba5dcf
b6430eb74818a1eda8c688c967c3ccf00b2139dd175e868f6c5658d58f3abd11

HTTP Headers

GET /dist/css/hovercard.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e HTTP/1.1
Host: 0.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: text/css
last-modified: Fri, 19 May 2023 08:02:31 GMT
etag: W/"64672d17-2067"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:29 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

definedbootnervous.com/b58778756eec0903d5f657ab91f7f0a8/invoke.js

173.233.139.164

403 Forbidden

0 B

URL GET HTTP/1.1
definedbootnervous.com/b58778756eec0903d5f657ab91f7f0a8/invoke.js
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
Fingerprint0D:1D:94:97:51:12:2A:D9:C1:7A:C8:54:33:B8:0A:23:D9:1E:10:A8
ValidityMon, 22 May 2023 01:08:45 GMT - Sun, 20 Aug 2023 01:08:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /b58778756eec0903d5f657ab91f7f0a8/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Mon, 05 Jun 2023 18:48:29 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

definedbootnervous.com/0820d72adb12696922227f6272d36ff9/invoke.js

173.233.139.164

403 Forbidden

0 B

URL GET HTTP/1.1
definedbootnervous.com/0820d72adb12696922227f6272d36ff9/invoke.js
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
Fingerprint0D:1D:94:97:51:12:2A:D9:C1:7A:C8:54:33:B8:0A:23:D9:1E:10:A8
ValidityMon, 22 May 2023 01:08:45 GMT - Sun, 20 Aug 2023 01:08:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /0820d72adb12696922227f6272d36ff9/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Mon, 05 Jun 2023 18:48:29 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

173.233.139.164

403 Forbidden

0 B

URL GET HTTP/1.1
definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
Fingerprint0D:1D:94:97:51:12:2A:D9:C1:7A:C8:54:33:B8:0A:23:D9:1E:10:A8
ValidityMon, 22 May 2023 01:08:45 GMT - Sun, 20 Aug 2023 01:08:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Mon, 05 Jun 2023 18:48:29 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

static.a-ads.com/a-ads-banners/406678/320x50?region=eu-central-1

136.243.3.135

200 OK

406 kB

URL GET HTTP/2
static.a-ads.com/a-ads-banners/406678/320x50?region=eu-central-1
IP
136.243.3.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.a-ads.com/2093561?size=320x50
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
ValidityWed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT

File type
GIF image data, version 89a, 320 x 50\012- data
Size
406 kB (406165 bytes)
Hash
15fb17d0bb9a26b0a194b66c860e9d15
5cb1da4546a36e2e2b0fcd7314eff108835da726
142cecf84e332c087feffa033a2c072b4765b52057d9d895d8d46327b9066898

HTTP Headers

GET /a-ads-banners/406678/320x50?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: image/gif
content-length: 406165
x-amz-id-2: +o7j9KDoiLRYshymMJDpSvpuhVwlPPYW1vhFt/NUy963FK/Hb1GHtT2dtT3plFlXANGm08gaD7I=
x-amz-request-id: SPZA0R8H7NMAY6TJ
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Aug 2022 08:12:38 GMT
etag: "15fb17d0bb9a26b0a194b66c860e9d15"
cache-control: max-age=315360000
x-amz-version-id: d8z5luthmT_Tb1UUXyz2HJlU9l9GWDKK
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.1.1/modules/wpgroho.js

192.0.77.37

200 OK

732 B

URL GET HTTP/2
c0.wp.com/p/jetpack/12.1.1/modules/wpgroho.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
732 B (732 bytes)
Hash
c1fafcf478e9f5d874558524ddade40a
e6aa77fbcc1bc2739f9f3742523b7ae623e9691c
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

HTTP Headers

GET /p/jetpack/12.1.1/modules/wpgroho.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 28 Jul 2020 17:06:48 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg

212.47.236.38

200 OK

20 kB

URL GET HTTP/1.1
images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg
IP
212.47.236.38:443
ASN
#12876 Online S.a.s.

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.vfl.ru
Fingerprint42:F5:55:E7:1E:EE:A7:BD:73:66:7A:7A:ED:02:3E:54:06:11:A4:71
ValidityWed, 03 May 2023 06:14:33 GMT - Tue, 01 Aug 2023 06:14:32 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 405x155, components 3\012- data
Size
20 kB (20041 bytes)
Hash
f18da1b42e09a935a23ae2c2edb6c248
56d1abe76fce57f741324ccd50d2a77cc959f03a
6c1e24df00b0eed30b44db4563966b05a63a84f8b78615b5d4988998bf5fafb5

HTTP Headers

GET /ii/1588854988/40f4425a/30440747.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 18:48:29 GMT
Content-Type: image/jpeg
Content-Length: 20041
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 07 May 2020 12:36:28 GMT
ETag: "5eb400cc-4e49"
Expires: Wed, 05 Jul 2023 18:48:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

i0.wp.com/images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

47 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
47 kB (46786 bytes)
Hash
72c12797df7d41494d8f50e61ef1ed51
39da85e92cc10c51187fa1fbd0193f2e13299371
596ccd6c81bb72f913a05e042c1948f4f091486173394f8c85be00ccfd056fb8

HTTP Headers

GET /images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 46786
last-modified: Mon, 15 May 2023 14:02:04 GMT
expires: Thu, 15 May 2025 02:02:04 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667922247/a3e9c55a/38637769.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "962f02714fe54d76"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.1.1/css/jetpack.css

192.0.77.37

200 OK

66 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.1.1/css/jetpack.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65909 bytes)
Hash
4cc4e0cba17c8a9c76e0884632f9421f
9bdb840afdd68033ee0a3a8779cddcc7d71580b0
05db96d56969f90368d364da6c464ad073255964267594cb7e2b65b90d385da0

HTTP Headers

GET /p/jetpack/12.1.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 17 Apr 2023 18:32:50 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

39 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (38646 bytes)
Hash
bbbdd80b56bcb03e9714388f4c95c471
a4693886d67e62d67fcdeb0ec58e75a9fdb1449b
fbffa88f412ac959dd742b148fbed63c29114648fb3b320bdc12572fe1a09182

HTTP Headers

GET /images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 38646
last-modified: Wed, 17 May 2023 13:22:01 GMT
expires: Sat, 17 May 2025 01:22:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669801198/18d9647c/38657837.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "fcea96ff6e009adb"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

28 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (27668 bytes)
Hash
048ca27e9a24944c5531fa55bdb3441e
393537e6aaeb5bbe92fddfb89b1378b3aec900c9
d2152def1ec841566f8e13c94a9c15669427f69104e4118eb4f3272973f404b5

HTTP Headers

GET /images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 27668
last-modified: Wed, 17 May 2023 13:22:01 GMT
expires: Sat, 17 May 2025 01:22:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669564070/c5cf1365/38655710.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "37ab1c9b59690ae3"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

29 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29114 bytes)
Hash
3f0903e7801d2c7637954bd4fadc1c12
62918a0a952e2e44aff030874bae048197d722a5
69ae402481c759a2e1fc97b1a5e8a508ef69d695950d53ae273ae34146216b13

HTTP Headers

GET /images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 29114
last-modified: Sat, 06 May 2023 15:25:19 GMT
expires: Tue, 06 May 2025 03:25:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1642250333/fb2e40a2/37551870.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e4320d5664e43dc6"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/doom-switch-xci-nsp

188.114.96.1

403 Forbidden

131 kB

URL User Request GET HTTP/3
nsw2u.com/doom-switch-xci-nsp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
131 kB (130927 bytes)
Hash
7ff580d9c90810ae38f229b938a500c0
67dafaadf672c8873e45cdd4bb54ce430b00c56d
f9828f52879b1b40a23d1db2674519ecf97483640e31207978642178f660dec3

HTTP Headers

POST /doom-switch-xci-nsp HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/doom-switch-xci-nsp?__cf_chl_tk=yM5Pi9lQznwrPV3LlgCQr0gT1z74XAsxwQA1RyUiFIg-1685990902-0-gaNycGzNCns
Content-Type: application/x-www-form-urlencoded
Content-Length: 2849
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/html
set-cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160; path=/; expires=Tue, 04-Jun-24 18:48:26 GMT; domain=.nsw2u.com; HttpOnly; Secure; SameSite=None
last-modified: Sat, 03 Jun 2023 12:44:58 GMT
vary: Accept-Encoding,User-Agent
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2Fuq0NxmFysh3dlDcXusasfmun4XfaIaPhSuj3%2FphAPEYJjt%2FgTeFme%2BkleB36ABDX9IIzxO2OOzjTOMC4X%2FKuL8HJlvcV7vLv9JgkZWQxQNn3%2FTPMaNGrfcuk8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97000bd5fab8-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

45 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
45 kB (45436 bytes)
Hash
72978d20622aca4524ce0ca543368087
3ebd22dea1ada7df0bc20d48bc1be9ed6c3761b6
56453928099306b6ff0cf633e1b4024a191c15ea3b9b84e8394f213a5e4fd42b

HTTP Headers

GET /images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 45436
last-modified: Wed, 17 May 2023 13:22:01 GMT
expires: Sat, 17 May 2025 01:22:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667485067/b3f90ee8/38633676.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8066d816a3828c8d"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

72 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
72 kB (72120 bytes)
Hash
d4c28860adab80d6ef3b8494fcd0e8d7
71b65392dfad02ea5ff649f311bd66eab1894c1a
d40c40b81c801617a059bf06efeb21186b278d6cceb865cf75b0592a9a4bd279

HTTP Headers

GET /images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 72120
last-modified: Wed, 17 May 2023 13:22:01 GMT
expires: Sat, 17 May 2025 01:22:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1669375359/243cfd1a/38654662.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b75b321975d16bde"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2836 bytes)
Hash
948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

secure.gravatar.com/dist/css/services.min.css?ver=202322

192.0.73.2

200 OK

1.1 kB

URL GET HTTP/2
secure.gravatar.com/dist/css/services.min.css?ver=202322
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3310)
Size
1.1 kB (1124 bytes)
Hash
bdf804ceb6729fc2dff156585a234665
38fae74e3122859e8f0ee5646706b41053080faf
0aba0adbf0a9273bbe99171a923792dce0ade3404c9815005f5f8293f73be9d6

HTTP Headers

GET /dist/css/services.min.css?ver=202322 HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: text/css
last-modified: Wed, 31 May 2023 10:26:31 GMT
etag: W/"647720d7-cef"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:30 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

i0.wp.com/2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=1280&resize=1280&ssl=1

192.0.77.2

302 Found

138 B

URL GET HTTP/2
i0.wp.com/2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: text/html
content-length: 138
location: https://2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i

192.0.77.32

200 OK

24 kB

URL GET HTTP/2
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (655), with no line terminators
Size
24 kB (24044 bytes)
Hash
5048b7bf6f335c259cae5d653d50726e
96f45044f726eef7c8e7c7f21f6368bf23a2b3f0
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

HTTP Headers

GET /wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetpack.wordpress.com
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/1125-1684460866104.371
content-encoding: br
expires: Thu, 30 May 2024 20:22:45 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.34

200 OK

47 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.34:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint43:CE:FB:9F:15:CF:60:5A:60:72:25:27:C1:45:67:BF:C4:B1:1A:1E
ValidityFri, 19 May 2023 12:53:03 GMT - Fri, 11 Aug 2023 12:53:02 GMT

File type
ASCII text, with very long lines (3548)
Size
47 kB (47322 bytes)
Hash
209d25e02e6d07a9c2bdebeddd16ef26
14951b9abf696e2ed491da684321d9e326844c74
20f0c0edbe3c36e0ee3faed708aa56b8a64b52df128125f8efa30229031d808f

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 05 Jun 2023 18:48:30 GMT
expires: Mon, 05 Jun 2023 18:48:30 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 2635480746104122106
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
210516a6d654b88c66b731988e824f9d
108c7399ec2a80025d2a393218a3ce746a7be17d
2d74654b90d8e74650474b1f220e201edc50fa6ecfe87234307728c9709f358b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js

188.114.96.1

200 OK

15 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (23920), with no line terminators
Size
15 kB (14631 bytes)
Hash
d5a474b33d9ff5c463fb9f8f53f6dcfe
0fc051a3adf717b4390f20b43bb37141f62a3e78
d71207c8d00d27bd25a0ec0b8afc92491c0bc5445f3b2e129039166cb6674f45

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160; _ga_HS5Y0K7QPG=GS1.1.1685990908.1.0.1685990908.0.0.0; _ga=GA1.1.83302851.1685990908
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I9v4vR4Iy5GMVp87oXO4YAZY%2F%2FR%2BqP6mYTfwZhY5%2B3CQZN6dRjwWopfd1epqwB8NHvNnPvBcRybjvgWF5QAr1%2FvOF11o1N1FSmi%2B09Q8jtBOwxOUIopFecicI8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9714f9defab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5a65ab604ecb4f6bc4d0b8f18872c757
5cc8c1fdb4fbf2b62c513edeea75b5cb7e8171b7
eebda0199d9f25f3d150aa63a7db585c04908ab1106684274ddaa15ac83dd7bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/b7/6d3352a91be5ae878ea1ab88798b5cb7.jpeg?w=640&ssl=1

192.0.77.2

200 OK

6.4 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/b7/6d3352a91be5ae878ea1ab88798b5cb7.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.4 kB (6366 bytes)
Hash
f5f2d49cff416bab3b345864779f5832
72baaf8cc8adf315ecb2fbf921c38e4d6411e02a
f738988723e79e574258875b5c4fdd62d8dc6290d6c671b21d7b9ef3bc72495b

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/b7/6d3352a91be5ae878ea1ab88798b5cb7.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 6366
last-modified: Thu, 17 Nov 2022 07:46:31 GMT
expires: Sat, 16 Nov 2024 19:46:31 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/b7/6d3352a91be5ae878ea1ab88798b5cb7.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "77d96cf0d8dd91b5"
vary: Accept
x-nc: MISS arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/cf/427319118f758b3fa1e75cf27c6fb4cf.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.2 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/cf/427319118f758b3fa1e75cf27c6fb4cf.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.2 kB (5164 bytes)
Hash
fbdca622919e2c4b9765c28a5bb40f7b
3a057c1b7361e1919ca3b8b8aa0fd19f2508c4c3
8135ab6c754fef45b3c763f58123c681324dc8e3958f80ef654e50aec918c11d

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/cf/427319118f758b3fa1e75cf27c6fb4cf.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5164
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/cf/427319118f758b3fa1e75cf27c6fb4cf.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "66626baf07a1aa4b"
vary: Accept
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206

188.114.96.1

200 OK

7.3 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
data
Size
7.3 kB (7299 bytes)
Hash
a857002d6b9070bbd5b0bf1b02b114ef
9c4a59534825b24ef85cd1f2d9f2790dca5aae86
737793a7811ec8e717147c11355375940c4f0251c8c324a92a0c83f1c4e6508f

HTTP Headers

GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Wed, 16 Nov 2022 18:49:09 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHGJxm4vuTq3XH8ZdkY%2B4ku5cSazEKB57GMaW%2BRf2tMEtvdO2HbDKCzE5YFnLsgqjinlQqiB6mtUAnYx8lAkMMWsHU9B5h0G5ch2CK%2BDT4MUIRT%2Fhn9Dm4cey00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97028eb9fab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/64/01808a48707e70d4c8aaf9f73f6bc764.jpeg?w=640&ssl=1

192.0.77.2

200 OK

6.5 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/64/01808a48707e70d4c8aaf9f73f6bc764.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.5 kB (6460 bytes)
Hash
c0ecb4cd759e352553057c2847c6b814
23f9940909f7c47568cde492f5398a8808e146fd
a74eeda5253563f21df786ddc68664895b22ef05d88feaf75e330c53967288e8

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/64/01808a48707e70d4c8aaf9f73f6bc764.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 6460
last-modified: Sun, 16 Apr 2023 07:50:37 GMT
expires: Tue, 15 Apr 2025 19:50:37 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/64/01808a48707e70d4c8aaf9f73f6bc764.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "d64a4c85784cc292"
vary: Accept
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/45/632732d6436eb5658bf17404c3e20c45.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.2 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/45/632732d6436eb5658bf17404c3e20c45.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.2 kB (5234 bytes)
Hash
81505d36e251d08c1818051e89d147ad
77342b8af86648475d62bc78bab4b072661af910
ad855c16ff622a1db3505e6afa50645e5df05526e55f6ba8ed5afd5870046fb6

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/45/632732d6436eb5658bf17404c3e20c45.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5234
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/45/632732d6436eb5658bf17404c3e20c45.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "748a71d82922817d"
vary: Accept
x-nc: MISS arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/f1/1c397d6b134fbbbaf3f13e546914b7f1.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.0 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/f1/1c397d6b134fbbbaf3f13e546914b7f1.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.0 kB (5028 bytes)
Hash
f06c22a841cc4be1a4d6e49d2e9c050a
9e5c26d69102ed9893431cf6de4db6ece2d46d65
37ab67710ac559dcd3f3b05acd6434e3938e097c83c4219acf56670c55f50d89

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/f1/1c397d6b134fbbbaf3f13e546914b7f1.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5028
last-modified: Sun, 16 Apr 2023 07:50:37 GMT
expires: Tue, 15 Apr 2025 19:50:37 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/f1/1c397d6b134fbbbaf3f13e546914b7f1.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "e45961f977565467"
vary: Accept
x-nc: MISS arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/375267711:1685988518:cajykKi4jEcTbQ-WgfFNYAA4LSnXZkLTHvA91Giyy0k/7d2a96e84f6b0b41/53562cc6332721c

104.18.7.185

128 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/375267711:1685988518:cajykKi4jEcTbQ-WgfFNYAA4LSnXZkLTHvA91Giyy0k/7d2a96e84f6b0b41/53562cc6332721c
IP
104.18.7.185:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
128 kB (127837 bytes)
Hash
7d033f94a69484b9ba502c64c1f10905
00672f59a145a300fd83a00e4c39a995cdd04ea8
5c5fb1a5376af09cd17c00bc0d268ed38d5ac48cf9b5886c2328725bd3c02ccf

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/375267711:1685988518:cajykKi4jEcTbQ-WgfFNYAA4LSnXZkLTHvA91Giyy0k/7d2a96e84f6b0b41/53562cc6332721c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hnnpd/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 53562cc6332721c
Content-Length: 2759
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:23 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: CS0+LHGNn/ufafYlF1RI9cEzygomMVB2oKNaW42Q6iIXLSonSVTm7QQDnWRNXBkSNgo6yo3+fap3Gxre/Wb7OpD4mCxFEtuCHKVM31BxId4e0gpfddKCPmPJxZUD/nwHazcJ/jlFwLotlcKP3RRlFVHINTiizu1nqGo2+hZyAtVdcE4xLzdMgGC7PwGZXyPqgPQrhHLXxRU9S9IxyBArXwNXKZ2lKu8bllrAszWWqbO64RIXjMF1404RaKvvi+OMzshQct/Ag9lA/MAjBAOkaMZn/IH508NHoZjUD9iK+WVqtKga8yFpcDFPfUVt/SqhaEOBK/zsg1oRFrfg3MEFXyRBTCUm8+eRsbxsgYPOBC4=$uJjoDsGuX40gsyWo5qMAFg==
server: cloudflare
cf-ray: 7d2a96ea19710b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/79/f0b0e60f43fac5205932d78bd5324479.jpeg?w=640&ssl=1

192.0.77.2

200 OK

8.2 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/79/f0b0e60f43fac5205932d78bd5324479.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.2 kB (8236 bytes)
Hash
44f027b9e06e2e5b63fb864f4ee827f2
15d3690a3dd877ed11a834e0f9e75de428f71f29
88e2bba0c0cc9aac0f0371b26ab0a10960e7363ef8a5673e12e2e3c49fc268a4

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/79/f0b0e60f43fac5205932d78bd5324479.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 8236
last-modified: Thu, 17 Nov 2022 07:46:32 GMT
expires: Sat, 16 Nov 2024 19:46:32 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/79/f0b0e60f43fac5205932d78bd5324479.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "8667688fcb53f0c6"
vary: Accept
x-nc: MISS arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/lxvgsdbc/6x2u.css

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/lxvgsdbc/6x2u.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
data
Size
20 kB (19868 bytes)
Hash
ecb69e4ece700834877019c15bda92d7
98090d819808448208669eb5abdafdc10730f4e9
5cb834ab62f0d37dc909031a50c6298f32e901a60e92f62c700f72f329a7ff90

HTTP Headers

GET /wp-content/cache/wpfc-minified/lxvgsdbc/6x2u.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: text/css
last-modified: Thu, 25 May 2023 13:18:26 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kOdql9AFPeVmsgFspT3hOn7%2Fkc8XMq3kAV3NRmSrgtGQ21xyaKREet711l1pXstdCZh3PKwZRu6pB4wCLWTd2XlAkWeiwedWXTshcjdyJrlih20qGlyU4vb11Ao%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9701bdcefab8-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.7.185

12 kB

URL
challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.7.185:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (19175)
Size
12 kB (11988 bytes)
Hash
21a964474a4841c3e62893476cfec550
af06eb1e31d451fe557b7581e707cd88a3107491
fb479d9c5db685793fd57b4cacb188d2aa9ab40d660d54e1cf35d0f54b390c12

HTTP Headers

GET /turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 18:48:22 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2a96e73cfdfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/6x2u.css

188.114.96.1

200 OK

23 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/6x2u.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
data
Size
23 kB (23079 bytes)
Hash
480d292cadc86175c95daaa5d7ff25b7
eb153ddbedbfbc71469fe4b272f3a083f3219759
23a036aff33d9730cd602a084c7ef3746fc86195a109bb83fdc3aa90cfebbde9

HTTP Headers

GET /wp-content/cache/wpfc-minified/q8eepl4d/6x2u.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: text/css
last-modified: Thu, 25 May 2023 13:18:26 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FpQIM2X2DYlquqevAakKeuGWDGkHKt1jsaLSXrJPCRndPaQw3%2BhSqOk2E7ObQ0rnELfeHyLmRA0qImywMMBtkPlC%2F6bbyOCK3rvntddQc7CXDQopn9RyISQbs%2B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97027ea6fab8-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.28

188.114.96.1

200 OK

4.5 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.28
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4.5 kB (4522 bytes)
Hash
b7d8aab20ec0137a23e4ff03411bd06c
bd7e901bbf5968d13abb3dee762244715541bdfe
651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.28 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 14 Apr 2023 19:16:17 GMT
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7DpUcrwt%2FpMnoutz53g8PwV82SU1ckv3GaVrdD4Qr2o7BnMQqTbh9DVq1gegc7nv%2FmRXPaITTtadAdM8zWB8I2BewSfvsIJLEEZHjVv0TsvVKE7u9r0N49zO%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702df0efab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/c6/b2a31cf892be7581dd65c62eee4bcac6.jpeg?w=640&ssl=1

192.0.77.2

200 OK

8.4 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/c6/b2a31cf892be7581dd65c62eee4bcac6.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.4 kB (8362 bytes)
Hash
08b7b43363160f132baa879b46c9a253
595d5a57a7e04c65807903db23eaed45ebd7b4eb
87347d37be74347e9f41688f18a62c579bb33ae360b81a34a1f0c34e3437161a

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/c6/b2a31cf892be7581dd65c62eee4bcac6.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 8362
last-modified: Sun, 16 Apr 2023 07:50:38 GMT
expires: Tue, 15 Apr 2025 19:50:38 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/c6/b2a31cf892be7581dd65c62eee4bcac6.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "f0014adb85d70d34"
vary: Accept
x-nc: MISS arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/10/f900ac71af5c6fa39b8d6849597f1110.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.6 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/10/f900ac71af5c6fa39b8d6849597f1110.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.6 kB (5602 bytes)
Hash
4139415dec61c129d0d019f0bfbf3e80
18d355b40de3f7613cafd24699b0ad78880bcfb2
cdef82fd252075f38478890500647ac5f6641f343f4e0a268ae7c2106b756135

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/10/f900ac71af5c6fa39b8d6849597f1110.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5602
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/10/f900ac71af5c6fa39b8d6849597f1110.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "5a60e8a87b1be88b"
vary: Accept
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1724355697:1685988475:tWgTsNoSQDaDapzE3v84OG20dev1IIPmk5XAbotAezM/7d2a96e498b5fab8/82d5b2ab80ed2bb

188.114.96.1

73 kB

URL
nsw2u.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1724355697:1685988475:tWgTsNoSQDaDapzE3v84OG20dev1IIPmk5XAbotAezM/7d2a96e498b5fab8/82d5b2ab80ed2bb
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (7416), with no line terminators
Size
73 kB (73030 bytes)
Hash
45fcff936e877646ee81146b9cc2594f
0bd35bf2d47d65a565e1c199082701b6d2481206
0704b5f7444705a02a058acb70125628a82bc8b2daaaf2f17f9c6efaaee473a7

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1724355697:1685988475:tWgTsNoSQDaDapzE3v84OG20dev1IIPmk5XAbotAezM/7d2a96e498b5fab8/82d5b2ab80ed2bb HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/doom-switch-xci-nsp
Content-type: application/x-www-form-urlencoded
CF-Challenge: 82d5b2ab80ed2bb
Content-Length: 1654
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:23 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: sbXN/xryCflIiX7v9rtRDYgW+X6l6u/3Mq9809K0s37Yw/3ljSW2RMWVMO4izsIe$Hmpm7uGRaRAPwPlt2hSajg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoTNLxzeh9%2F9EDwCa9%2BX6dWil9NS6VYbuhlXem3fjCVknl9Z5IUdJkzdADqLEPkODIbDIiGIPsdSsnTH8V7QgBKYzV5KJqzlmkE0gNL3aDKRVuxV2KTxe26d9eQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a96e7dbe7fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png

142.250.74.129

200 OK

128 kB

URL GET HTTP/3
2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint2F:A0:D5:AD:44:A5:5F:5A:3C:2C:02:18:3F:CD:C2:C3:AC:E3:56:53
ValidityFri, 19 May 2023 12:56:47 GMT - Fri, 11 Aug 2023 12:56:46 GMT

File type
PNG image data, 199 x 320, 8-bit/color RGBA, non-interlaced\012- data
Size
128 kB (127733 bytes)
Hash
2f43fd601d5d7dbf30551ea00134b335
04d251682496cc570c4fda1d27f13453b3cfa35f
5f215d5e76702a59db54a93a3a463e7e807d3be0f9ed4e1872c5084baff1372a

HTTP Headers

GET /-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png"
x-content-type-options: nosniff
server: fife
content-length: 127733
x-xss-protection: 0
date: Mon, 05 Jun 2023 18:48:30 GMT
expires: Tue, 06 Jun 2023 18:48:30 GMT
cache-control: public, max-age=86400, no-transform
etag: "v2d"
content-type: image/png
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

woovoree.net/5/3812660/?oo=1&aab=1

139.45.197.243

200 OK

8.0 kB

URL GET HTTP/2
woovoree.net/5/3812660/?oo=1&aab=1
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectwoovoree.net
FingerprintD2:A6:50:08:2E:B2:20:86:F3:77:28:9B:6D:15:4A:DA:0A:52:27:88
ValiditySat, 29 Apr 2023 08:40:42 GMT - Fri, 28 Jul 2023 08:40:41 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
8.0 kB (7994 bytes)
Hash
94fbfca30bda5cadf87d66c70fd92c76
f696c04aac037cc03f803f6bf8ace1feeae6c20c
bc4c1e02fb7334772291f8d6db10eafa80bc03d9f8c75edfb2791d61e1c99b96

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: woovoree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: application/json
x-trace-id: c70d741f8bda0b86f2a0f8a722a4a7de
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=6e5ef08875ff4c61a695ce8915b82d05; expires=Tue, 04 Jun 2024 18:48:30 GMT; path=/; secure; SameSite=None
oaidts=1685990910; expires=Tue, 04 Jun 2024 18:48:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/oxqrju5/6x2u.css

188.114.96.1

200 OK

24 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/oxqrju5/6x2u.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
data
Size
24 kB (23569 bytes)
Hash
d143c4be294f342d009828ac56e3720b
703e0118e60bc9c23c5f31352758246b5b5d36f9
b775d74d755293a3f658f6f7437d7ccc556ba547c090e21386f8484760704b43

HTTP Headers

GET /wp-content/cache/wpfc-minified/oxqrju5/6x2u.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: text/css
last-modified: Thu, 25 May 2023 13:18:26 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34002
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMO%2FyLCkrUna0wc2x5vAH5aaK3iijqF6fdBeh0IwWB9CuZ4XrCrELf4HoGK2yUJyRr41Wk6wA44EoFb9vEGXnQe5chZFP4k%2BiMzrhDOrffn5Uf2EG91qGLsnVVg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9701fe05fab8-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.2.2

142.250.74.106

200 OK

8.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.2.2
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
gzip compressed data, max compression\012- data
Size
8.3 kB (8343 bytes)
Hash
b6060e6704d2ecdacab94a17f49640db
5d738b5e51acf0fef2c30e564b99c054ae3050f2
b207f72ca683c5ca1205b9217cf26f196ab0f46b68d19290c83d93b811b94aee

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.2.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Jun 2023 18:48:28 GMT
date: Mon, 05 Jun 2023 18:48:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/6x2u.css

188.114.96.1

200 OK

152 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/6x2u.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (34393)
Size
152 kB (151668 bytes)
Hash
f7d217e22523d4a4b2c340f5e40ef861
329eed97bc0d632ad90ab64e42f8c17cf08ad701
da7b65671f509b8057003200d8376b08735f3ae9a2fb9aac828accbf4a558b8f

HTTP Headers

GET /wp-content/cache/wpfc-minified/fhg2umku/6x2u.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: text/css
last-modified: Thu, 25 May 2023 13:18:26 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=onPKveMWWF2YtNlKRXThCrbaiMGtXauobdK9ng0PlYbgTyVpxKLhwN9w%2FqNQFsXzoYSgF78zADSsqg5zHjH36Cs%2FVvHhWyysivXGoUpCnVbo4XqMSSppf51VJ%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97020e1dfab8-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
210516a6d654b88c66b731988e824f9d
108c7399ec2a80025d2a393218a3ce746a7be17d
2d74654b90d8e74650474b1f220e201edc50fa6ecfe87234307728c9709f358b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 18:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=2e29137590434abf5fbe

188.114.96.1

200 OK

7.3 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=2e29137590434abf5fbe
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
data
Size
7.3 kB (7252 bytes)
Hash
3e8eac94613da1f30e4b7308d9660e58
af19387aaee9facea9d8e16232c796f28b8f5b10
b5faea4b2aaf6b3f32fba6492419190fbf6c12eb10045cc94af7ce960e2cb38d

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=2e29137590434abf5fbe HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Tue, 30 May 2023 16:59:22 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWd%2BJw1dG6HoHY%2BP86DQbfaPNtjkdbKLb3VCWOtoIr8xhaGL1oLXR10N1b1CHjRxmGz6hp9trWA36rJgdpqqnfcMTxel2RzxVqJbd05haWMZq16nXsG6W3KVZ%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97029ecdfab8-OSL
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=6e5ef08875ff4c61a695ce8915b82d05

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=6e5ef08875ff4c61a695ce8915b82d05
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
50854158eca66e431e8ce1e28e9351ef
92d325677d17225ff62368c5a7a7bcc6872f7285
d47137db44d81ae637c43844149044e19da8a666a644159a46af922fd46b9805

HTTP Headers

GET /gid.js?userId=6e5ef08875ff4c61a695ce8915b82d05 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6e5ef08875ff4c61a695ce8915b82d05; expires=Tue, 04 Jun 2024 18:48:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1

192.0.77.2

200 OK

2.6 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2568 bytes)
Hash
513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

374 B

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
374 B (374 bytes)
Hash
43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

21 kB

URL GET HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (1573)
Size
21 kB (20737 bytes)
Hash
4507839525a19180914799b08fb5fa5b
738d7e47e47a102e67d09efa63408d21aaf02245
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20737
date: Mon, 05 Jun 2023 18:45:34 GMT
expires: Mon, 05 Jun 2023 20:45:34 GMT
cache-control: public, max-age=7200
age: 176
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i0.wp.com/2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=240&resize=240&ssl=1

192.0.77.2

302 Found

138 B

URL GET HTTP/2
i0.wp.com/2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=240&resize=240&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png?w=240&resize=240&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 05 Jun 2023 18:48:31 GMT
content-type: text/html
content-length: 138
location: https://2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png

142.250.74.129

200 OK

128 kB

URL GET HTTP/3
2.bp.blogspot.com/-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint2F:A0:D5:AD:44:A5:5F:5A:3C:2C:02:18:3F:CD:C2:C3:AC:E3:56:53
ValidityFri, 19 May 2023 12:56:47 GMT - Fri, 11 Aug 2023 12:56:46 GMT

File type
PNG image data, 199 x 320, 8-bit/color RGBA, non-interlaced\012- data
Size
128 kB (127733 bytes)
Hash
2f43fd601d5d7dbf30551ea00134b335
04d251682496cc570c4fda1d27f13453b3cfa35f
5f215d5e76702a59db54a93a3a463e7e807d3be0f9ed4e1872c5084baff1372a

HTTP Headers

GET /-9yQ5ohWEyCo/WzDkrVwdwmI/AAAAAAAAACw/Ta8S7HsxxrsSA5FLA9Ud0H1uVSQzv1uygCLcBGAs/s320/doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="doom_nintendo_switch_boxart_by_goldmetalsonic-dbnc74v.png"
x-content-type-options: nosniff
server: fife
content-length: 127733
x-xss-protection: 0
date: Mon, 05 Jun 2023 18:48:30 GMT
expires: Tue, 06 Jun 2023 18:48:30 GMT
cache-control: public, max-age=86400, no-transform
age: 1
etag: "v2d"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

445 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#15169 GOOGLE

File type
XML 1.0 document text\012- XML document, ASCII text, with very long lines (332)
Size
445 B (445 bytes)
Hash
d39546249a86d29697ea6b389afd84f2
244ce5f2d9a3e80da843e527f35cae0b9d9e20be
ba339c9812783530a739e05b9bc0ec254d9c22eb13779e8e5be5860a192f8c80

HTTP Headers

GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: 17805
rule-data-version: 1
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-07-20-17-01-41.chain; p384ecdsa=1WDqXC03WFmSoP0E1nuUaj88guAGp2H6vBpzEsxantB5pOqbXTs6LeIw8wG07Xtd9LZV-Yu8tjD3NXKIU7QhIy84SsiHI9WlDdDgZs1eMcStjdh2o92kPGggpsmd2qex
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Mon, 05 Jun 2023 18:35:09 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 445
age: 812
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

62.115.252.122

512 kB

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.122:0
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Detections

Analyzer	Verdict	Alert
VirusTotal	0/60	VirusTotal -

HTTP Headers

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Last-Modified: Wed, 24 May 2023 20:52:50 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1684961569.84930
Content-Type: application/zip
X-Trans-Id: txa73051eac09b464dbbbc2-00646fbb00dfw1
Cache-Control: public, max-age=245286
Expires: Thu, 08 Jun 2023 14:56:47 GMT
Date: Mon, 05 Jun 2023 18:48:41 GMT
Connection: keep-alive

c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

31 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
31 kB (31100 bytes)
Hash
0e850a69bc7fd0acc2e92ce6eee87959
8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

HTTP Headers

GET /c/6.2.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/cc/e7a48560ef234b9402ba849768bf83cc.jpeg?w=640&ssl=1

192.0.77.2

200 OK

3.6 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/cc/e7a48560ef234b9402ba849768bf83cc.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.6 kB (3618 bytes)
Hash
84450e3d2ef47cfa51814d1d6d833b29
b4c28c1c58a8fea6b72c2564498911aff3fd234c
eb2dab89b4a83f348284830d35f29e3fb04b9f97eec11a0ba167b078d83e305e

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/cc/e7a48560ef234b9402ba849768bf83cc.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 3618
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/cc/e7a48560ef234b9402ba849768bf83cc.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "1fab8424f8d07843"
vary: Accept
x-nc: MISS arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/dc/22f0af7f17cc694efc2e5351ccc397dc.jpeg?w=640&ssl=1

192.0.77.2

200 OK

6.2 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/dc/22f0af7f17cc694efc2e5351ccc397dc.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.2 kB (6198 bytes)
Hash
ba9a42158acafaa2bfeb2b8c07c479cc
7b941279e56d576e18ee8420ee07019486b7cfdf
b212b3a38866baa3dd01a3eff732f7ce90c7061e226ccacb0fc0896ab0c1eda3

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/dc/22f0af7f17cc694efc2e5351ccc397dc.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 6198
last-modified: Sun, 16 Apr 2023 07:50:37 GMT
expires: Tue, 15 Apr 2025 19:50:37 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/dc/22f0af7f17cc694efc2e5351ccc397dc.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "ea2939000a353fca"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text
Size
14 kB (13696 bytes)
Hash
0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Wed, 16 Nov 2022 18:49:09 GMT
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJrIJdY8a6shn531eutb7o9RrGZ7D5PmOp3K3jxdRk1nspr7ion6Q8qh%2FdS7tpwtgXE0gOxN0Oo8Rq%2F9Abcw5VVPhHM%2FneXkHkNxWCLXstOEW6bvhzITKm37qiU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97028eb8fab8-OSL

mgnetu.com/js/full-page-script.js

172.67.146.233

403 Forbidden

0 B

URL GET HTTP/3
mgnetu.com/js/full-page-script.js
IP
172.67.146.233:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmgnetu.com
FingerprintA0:1F:F9:62:DB:61:7C:B6:D8:CE:EF:2D:59:66:4B:80:71:46:45:CC
ValidityTue, 09 May 2023 04:33:37 GMT - Mon, 07 Aug 2023 04:33:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/full-page-script.js HTTP/1.1
Host: mgnetu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AKxWGexUABCFGnl36Us3p4BfS3rxhLle2IOpifXfwLoV0UEzyiG73WrAwZ0Kjpo09BGsgNgkulWO4xZYLaS6AVivBAbCsSU62eCp72uA8qrn4kgIsL8zHxp%2BDm%2Bt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2a9711fb40b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/p/jetpack/12.1.1/_inc/build/photon/photon.min.js

192.0.77.37

200 OK

685 B

URL GET HTTP/2
c0.wp.com/p/jetpack/12.1.1/_inc/build/photon/photon.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (711), with no line terminators
Size
685 B (685 bytes)
Hash
0e65038e68e68d01f233c8fd05e48c1d
86375c7a10079a098d50dc82bd606676d09460c7
2b580e6709092e35bead327a2faee75175ca8a3036e3c50d9185062d7ed8673a

HTTP Headers

GET /p/jetpack/12.1.1/_inc/build/photon/photon.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Dec 2021 16:56:47 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679380905

188.114.96.1

200 OK

11 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679380905
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text
Size
11 kB (10733 bytes)
Hash
94bc4228bb5941670e191e40a6bc44bd
ad06418894462185e7eecc1421310f552e1e5e36
5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527

HTTP Headers

GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679380905 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Tue, 21 Mar 2023 06:41:45 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 33929
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oz7XCiaQjLklhcosGYeAg8S1f%2BIz8%2BIHeY6uwEJmnPTG3m4ZIh4Iheq4vt4lqLLbs1%2BsO9lTl11FMNHeO%2Bnxf0j9gbn4dFU3EN8LXKKaKzY9uJm5ai%2BBVW2PbtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702beeffab8-OSL
alt-svc: h3=":443"; ma=86400

mgnetu.com/js/full-page-script.js

172.67.146.233

403 Forbidden

0 B

URL GET HTTP/2
mgnetu.com/js/full-page-script.js
IP
172.67.146.233:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmgnetu.com
FingerprintA0:1F:F9:62:DB:61:7C:B6:D8:CE:EF:2D:59:66:4B:80:71:46:45:CC
ValidityTue, 09 May 2023 04:33:37 GMT - Mon, 07 Aug 2023 04:33:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/full-page-script.js HTTP/1.1
Host: mgnetu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMTWMKatsX1MF0CGQ%2B42WfoJKpMlvmBttQnPV2LbZt3s7WaU%2FdR2rblraXvAcJzQcQDzySxeEcjeNxFyaK0X1VHAxDPVm0%2FZ9NVwx%2FPbBvXkA2GoYk3Qh63jxlv%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2a9703488fb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

secure.gravatar.com/js/gprofiles.js?ver=202322

192.0.73.2

200 OK

26 kB

URL GET HTTP/2
secure.gravatar.com/js/gprofiles.js?ver=202322
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26062)
Size
26 kB (26129 bytes)
Hash
caf0f706328fcd249a7fbeae23b0a62f
6e2d57c57b1603ffc814a9808a880618a2b36a44
a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

HTTP Headers

GET /js/gprofiles.js?ver=202322 HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
last-modified: Thu, 01 Jun 2023 11:07:36 GMT
etag: W/"64787bf8-6611"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:27 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

ad.a-ads.com/1535207?size=728x90

136.243.3.135

200 OK

12 kB

URL GET HTTP/2
ad.a-ads.com/1535207?size=728x90
IP
136.243.3.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
ValidityWed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Size
12 kB (12385 bytes)
Hash
830f96a60843f82b108d338b33d3e9c6
d3a281010f5c7a02dce6fe803cede0b2f76d036f
e293c9b9b6b3825a6634779bff8bb93ed3cbc7bb0e32ee7b34a256346ab92e2d

HTTP Headers

GET /1535207?size=728x90 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://nsw2u.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2

secure.gravatar.com/dist/css/hovercard.min.css?ver=202322

192.0.73.2

200 OK

8.3 kB

URL GET HTTP/2
secure.gravatar.com/dist/css/hovercard.min.css?ver=202322
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8342), with no line terminators
Size
8.3 kB (8295 bytes)
Hash
8958f0c76fe21a28c91293f53d6d3f6f
8c7d3a87692d298bc597bb584acc5027541ef202
0b16953b19c6e07679067254de36478596a81471b44262fffd4dce4a51f7f347

HTTP Headers

GET /dist/css/hovercard.min.css?ver=202322 HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: text/css
last-modified: Fri, 19 May 2023 08:02:31 GMT
etag: W/"64672d17-2067"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:30 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

c0.wp.com/c/6.2.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

11 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11256), with no line terminators
Size
11 kB (11256 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.2.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

49 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
49 kB (48746 bytes)
Hash
3943799e6866beec74635dd2fdf512e3
f2a7081c65cacb1983cc0392810729c4eacad9b7
49130321a941d18ebfea6a84080d4c3970903aba00b12f293f7e621673f40efa

HTTP Headers

GET /images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 48746
last-modified: Wed, 17 May 2023 13:22:01 GMT
expires: Sat, 17 May 2025 01:22:01 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1667922429/c6e5e3fa/38637770.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "694acd0f20d20e8b"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j

192.0.77.32

200 OK

42 kB

URL GET HTTP/2
s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
42 kB (42229 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetpack.wordpress.com
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 14 Sep 2022 07:43:45 GMT
etag: W/"63218631-a4f5"
content-encoding: br
expires: Thu, 14 Sep 2023 07:43:50 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2

ad.a-ads.com/2093561?size=320x50

136.243.3.135

200 OK

12 kB

URL GET HTTP/2
ad.a-ads.com/2093561?size=320x50
IP
136.243.3.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint34:68:C2:05:E5:2A:4E:C3:F9:FC:94:69:D3:A6:BE:F2:21:A2:DE:AE
ValidityWed, 21 Dec 2022 00:00:00 GMT - Sun, 21 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Size
12 kB (12383 bytes)
Hash
3ef6e109b467f87543a145f604a295e0
2c0b9284e577762baab2dec21aca8db3997ef700
36baa459a53d4269bbf12ab0f521d2db3da22445d3c06493a6bd03689c98056e

HTTP Headers

GET /2093561?size=320x50 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://nsw2u.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

188.114.96.1

200 OK

5.7 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (5699), with no line terminators
Size
5.7 kB (5696 bytes)
Hash
60359b464993821b0d1e5e497d373dee
76ea7a77bb94eb6db3b483826ed690a60f461b2f
b5bdf3bc27e93e21f0f95ab35bbdb70cd16cda91848d44be906f0e6af94d0017

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160; _ga_HS5Y0K7QPG=GS1.1.1685990908.1.0.1685990908.0.0.0; _ga=GA1.1.83302851.1685990908
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eOYE1DoN0PAGrNAhywWMNWtRW1OQzsnEO1zmZeeDlhj34FDpyw3kPl%2Bi8CiUPAl%2F8ccrrnZp45%2FZsLZ2RW8Gom1RPJQrx6FtfOSeyQVdVKP3TZ4ntPAaS%2F2AKv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97168b65fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

woovoree.net/tag.min.js

139.45.197.243

200 OK

74 kB

URL GET HTTP/2
woovoree.net/tag.min.js
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectwoovoree.net
FingerprintD2:A6:50:08:2E:B2:20:86:F3:77:28:9B:6D:15:4A:DA:0A:52:27:88
ValiditySat, 29 Apr 2023 08:40:42 GMT - Fri, 28 Jul 2023 08:40:41 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (73794 bytes)
Hash
108831d56861ea0ee92dd3bbcb128e7c
35f1b3aae946f0ed3b5c607a30165f4eebfaed2b
ada0b5209a666e8a22bb806893202d4ce19cb37ce808654a9fcdfb3261310e1e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: woovoree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: text/javascript; charset=utf-8
content-length: 23674
content-encoding: br
x-trace-id: fec63e0d53f4822dc327b4c50ffeac29
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 02 Jun 2023 11:24:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/41/3f3d9c70108912d2bd64868b66209541.jpeg?w=640&ssl=1

192.0.77.2

200 OK

4.6 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/41/3f3d9c70108912d2bd64868b66209541.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.6 kB (4562 bytes)
Hash
083e7a71e8d133e7162f157362840fbb
5260730cb661f5fb5199c1ae31dafd6f890a389f
ceaefdcaa13bd15c21093bf02c9912e12b10c9abfff938e6e0134b371dc57bf6

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/41/3f3d9c70108912d2bd64868b66209541.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 4562
last-modified: Sun, 16 Apr 2023 07:50:37 GMT
expires: Tue, 15 Apr 2025 19:50:37 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/41/3f3d9c70108912d2bd64868b66209541.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "20de1faaa90da0e0"
vary: Accept
x-nc: MISS arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/challenge-platform/h/g/cv/result/7d2a97000bd5fab8

188.114.96.1

200 OK

2 B

URL POST HTTP/3
nsw2u.com/cdn-cgi/challenge-platform/h/g/cv/result/7d2a97000bd5fab8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/cv/result/7d2a97000bd5fab8 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12380
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160; _ga_HS5Y0K7QPG=GS1.1.1685990908.1.0.1685990908.0.0.0; _ga=GA1.1.83302851.1685990908
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=8Tev324dO_YLu0snEonxHl4QHPVqvBxX5Owb8.9qF0o-1685990910-0-AQoBlIyp5QCNA7lqNg5t2cvSBWZ0kzYke9YlboNF0rt83NKFJcO6DTfI1KrgQsGVcHVn75x2BWHxp+uwVMzEbYvzIoapnJkCb1aAnN0bbsKV; path=/; expires=Mon, 05-Jun-23 19:18:30 GMT; domain=.nsw2u.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zerZ6jTWOu5MoaHQ2id1F9t4ysT7LIxVmMqo6YHTZp7EanzDAZUVbLEgOzpD9VlvlxxltOTq%2F3IMNytgVDjI1EanOohmIQ7ekZvvyyt7EnLame8d73AezhKgJzQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97194e44fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/4e/d9614d3621103ec43ae009fa09ef414e.jpeg?w=640&ssl=1

192.0.77.2

200 OK

4.0 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/4e/d9614d3621103ec43ae009fa09ef414e.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.0 kB (3954 bytes)
Hash
676743fba411b80dfe6f1ea0627b1e3a
cf13f772a0af6b584992c31ee2c8108578104b5e
da484527bf688ed69d3b2918582b4c39234a6d6c516d17a86c1fda8b4f3aa875

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/4e/d9614d3621103ec43ae009fa09ef414e.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 3954
last-modified: Sun, 16 Apr 2023 07:50:37 GMT
expires: Tue, 15 Apr 2025 19:50:37 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/4e/d9614d3621103ec43ae009fa09ef414e.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "b31676bb256d65c9"
vary: Accept
x-nc: MISS arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/d.svg

188.114.96.1

200 OK

73 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/d.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (20829)
Size
73 kB (72617 bytes)
Hash
496d1ae6bd68127d1c2e7d768de2702d
401094e71de488d2233d229bad8be282130a92b5
51ed1f79aeb5a9c25435cb7b6d5335353448d2eefaac75fa24470d93a0d07fde

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/d.svg HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: image/svg+xml
last-modified: Mon, 15 May 2023 23:42:50 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5zXwzLJTGRqCOZqYtlNTPqP0cJGEmEsu9vLRM5tRlS%2FFuitEDWy4C7MabbEyphIMxk4omN5FTbxeRLAh8tvBfVyZIhSLu5jnhMQtDrBs8WSZZmcY6t0ykSgtx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97026e9bfab8-OSL
alt-svc: h3=":443"; ma=86400

s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif

192.0.77.32

200 OK

1.2 kB

URL GET HTTP/2
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 2 x 26\012- data
Size
1.2 kB (1232 bytes)
Hash
41570c42d47e846f51422b154ebe8cc8
eed821bb5bf98caf32c563a56a1ebf145f7aca74
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

HTTP Headers

GET /wp-content/mu-plugins/highlander-comments/images/button-back.gif HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160i&cssminify=yes
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: image/gif
content-length: 1232
last-modified: Thu, 29 Nov 2018 13:53:31 GMT
etag: "5bffef5b-4d0"
expires: Fri, 10 Nov 2023 15:10:58 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2

c0.wp.com/c/6.2.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

4.2 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

HTTP Headers

GET /c/6.2.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.3.6

188.114.96.1

200 OK

399 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.3.6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (423), with no line terminators
Size
399 B (399 bytes)
Hash
ed94fa94e236140899a07d0bb24f233d
8e7f16eda1a41233d4d0f19264382b6222959b6c
2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.3.6 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: text/css
last-modified: Tue, 23 May 2023 18:46:33 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6v2Fd9MELWnZtMR87dqlMkHvq1GLQCN9VMyMaulDTRq6mwu0cYs%2BwKxrBx3Mk64%2F8AJ4etVCEgOGnrieQr3dC%2BRmpJPUwS1lGrEJTPp%2F9cGlGqnWfzdDCx5L7Ec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97026e9afab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/1f/6a3a406af7716e40dfd581aff842be1f.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.0 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/1f/6a3a406af7716e40dfd581aff842be1f.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.0 kB (5020 bytes)
Hash
899a60bb1290b63d52dd8c4da0b81bba
b8db418da62e14918106656162067cacb4bc7dfe
1f80dc445c0be1c95921c9eee5aad9d7c6a5e6c7dff7e5ce90d2ac8f29e7fb1a

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/1f/6a3a406af7716e40dfd581aff842be1f.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5020
last-modified: Tue, 30 May 2023 10:33:48 GMT
expires: Thu, 29 May 2025 22:33:48 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/1f/6a3a406af7716e40dfd581aff842be1f.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "025bdfe8c0f612ab"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/fd/134915b5b5993fb05060aba81ea9b2fd.jpeg?w=640&ssl=1

192.0.77.2

200 OK

3.9 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/fd/134915b5b5993fb05060aba81ea9b2fd.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.9 kB (3884 bytes)
Hash
ac8ccb3ea7e27dcb95afd8533d55ebf2
f17ac2a420e4afb49d6bcebd598d483d97035471
c728c43e890bde486dc9fc1e3650492bb509b81ab8fca757fd0cce03a1413d9c

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/fd/134915b5b5993fb05060aba81ea9b2fd.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 3884
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/fd/134915b5b5993fb05060aba81ea9b2fd.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "13265750036ad54e"
vary: Accept
x-nc: MISS arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.2.2/wp-includes/js/comment-reply.min.js

192.0.77.37

200 OK

3.0 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/js/comment-reply.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3056), with no line terminators
Size
3.0 kB (2981 bytes)
Hash
dc7f90d513295c29acc441fe114a2cab
ca9e5069d9afc4aa13ab2e152313dfb476e842ef
f87915c58d8c25473c726646b58d2fe0ba9a136987571e6c810aba3c67b4f74c

HTTP Headers

GET /c/6.2.2/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.3.6

188.114.96.1

200 OK

3.9 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.3.6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4076), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2541a2baf045e01159ee696c0811648d
b2263916a7fde84879fc3bda16095767ddf000f4
0548af9bb27732d955c46677c38cbffd67f7bcbdcf2d95797d395eefe44a6464

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.3.6 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Tue, 23 May 2023 18:46:33 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlVJqORnWKGY0rGmENXTRLrrEGHaZRqoptwpx4FV9oo0CxIomSmjoCVHCnyhkjJWytwZxMzfl219T7VFQ5uCeIgwB4Gz4YHWqC7W9GgqZf34LGaLgEmXGIKQYAY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702beeefab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/84/f5a2fa2952ce23f8c8b58ddecb7db684.jpeg?w=640&ssl=1

192.0.77.2

200 OK

4.5 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/84/f5a2fa2952ce23f8c8b58ddecb7db684.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.5 kB (4456 bytes)
Hash
f10ba213e57e0245b712155003d6482e
f664134845b001c59b053536c6b682b15dfb421a
2a8705245aea5666f0fde7836c7a1e1141b887eeae51c5cc75148e9751223f90

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/84/f5a2fa2952ce23f8c8b58ddecb7db684.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 4456
last-modified: Sun, 16 Apr 2023 07:50:38 GMT
expires: Tue, 15 Apr 2025 19:50:38 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/84/f5a2fa2952ce23f8c8b58ddecb7db684.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "e621cf61d0b0dc9e"
vary: Accept
x-nc: MISS arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.1

188.114.96.1

200 OK

4.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4857), with no line terminators
Size
4.6 kB (4591 bytes)
Hash
3c05b4818fda400788cc5c2f60d87ea4
01e544e8461be8bb14a13fb8be13cc1e8259858e
db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.1 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Thu, 30 Mar 2023 10:21:39 GMT
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6xJItCJucymPjLT53NPmNso3kowmT9Or%2FfKXygDViU4MZsP0Vb7LN34pT1FSzd%2FCSkZtNT8FkssGgXAAVpH8pxpJc7A5YUh9Vuwf%2B4Rio8770ultS9QKJ7oojU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702bee6fab8-OSL

c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

13 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13326)
Size
13 kB (13424 bytes)
Hash
5cfa2b481de6e87c2190a0e3538515d8
0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

HTTP Headers

GET /c/6.2.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/1difh1hx/6x2u.js

188.114.96.1

200 OK

3.9 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/1difh1hx/6x2u.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (4160), with no line terminators
Size
3.9 kB (3928 bytes)
Hash
e2330273b72c1a250a8ae09ae04d0bfa
49a08f84119421590a83a5079bac9803abef148c
3165960f809382d0080ad8f42e09782968a882fa4e65669f2c8deaa7bd4ee1c1

HTTP Headers

GET /wp-content/cache/wpfc-minified/1difh1hx/6x2u.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Thu, 25 May 2023 13:18:26 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34002
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqqGz0Fa1JgZklbjBx8G5KgBuHsi61amWCX4nqv8IwfXorDoQsQ8obcryF9Lp5DvtUABTYZRUvTzgubqWKJQ1ChAmPrtapzaarRzMt3RBPAwIVO4nunjvg4dVpg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97020e25fab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/9a/b3f8c9e0020c5131cbbe85f9c2dfb09a.jpeg?w=640&ssl=1

192.0.77.2

200 OK

7.6 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/9a/b3f8c9e0020c5131cbbe85f9c2dfb09a.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.6 kB (7626 bytes)
Hash
f79cfa4df27cbc08770c8d8d733143e1
d8683fdadcf39531805cddfcf30d4a56bb1ef43f
cdb41dfa3eed17b92cdcfa4036f418de9df14416bed11bf7b36ce350ae8f2016

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/9a/b3f8c9e0020c5131cbbe85f9c2dfb09a.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 7626
last-modified: Fri, 03 Feb 2023 14:53:28 GMT
expires: Mon, 03 Feb 2025 02:53:28 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/9a/b3f8c9e0020c5131cbbe85f9c2dfb09a.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "ce9ada7f5eaf48b7"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/39/e82d7fd2b4aa1b7b4e4581fd15ef4039.jpeg?w=640&ssl=1

192.0.77.2

200 OK

6.7 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/39/e82d7fd2b4aa1b7b4e4581fd15ef4039.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.7 kB (6674 bytes)
Hash
162cedad7c7af2614dcfe0d58b06d6bc
0601129b03acf4f5db74ae45de9bee3176267a62
02ffaf3f845130e98b5031551ce492f0de873f63261b71cdee2713fb7aa4c4ae

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/39/e82d7fd2b4aa1b7b4e4581fd15ef4039.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 6674
last-modified: Tue, 30 May 2023 10:33:47 GMT
expires: Thu, 29 May 2025 22:33:47 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/39/e82d7fd2b4aa1b7b4e4581fd15ef4039.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "aff365f960adf7a0"
vary: Accept
x-nc: MISS arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115

188.114.96.1

200 OK

880 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (965), with no line terminators
Size
880 B (880 bytes)
Hash
fa7fe6b99dd294598a44154cb2f424b7
78a909d97e5dfeffa1e1311e2c7ad8633d768960
9600c505b5d0d438a661c90d7b6ef5c6098024ff4e16e58a3577d5d0c837237f

HTTP Headers

GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Wed, 16 Nov 2022 18:49:09 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BruVZ3x%2Fx1xotg4fOFVkD%2BWd4X0cNoIn5arA8K7inuLmDGre8J8TgIlqgjEDE0zO24a8UE5tTjqOA9dvsMF9%2B8BaiqPun%2BRrkY9YjBWbonqC7ey7d3BIXdin%2B8c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97028ebbfab8-OSL
alt-svc: h3=":443"; ma=86400

s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j

192.0.77.32

200 OK

24 kB

URL GET HTTP/2
s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
24 kB (24182 bytes)
Hash
4704c1eb35424d96800d3c41a2442a39
bb2e6c029d5aa36ecebce1276f088dc30cd3ff65
780b61f483cfb44ee9881cbd362d41cf89609d401d12e9726e1471530ab14738

HTTP Headers

GET /_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetpack.wordpress.com
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 13:17:23 GMT
etag: W/"645e3c63-5e76"
content-encoding: br
expires: Sat, 11 May 2024 13:17:31 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2

c0.wp.com/c/6.2.2/wp-includes/css/dist/block-library/style.min.css

192.0.77.37

200 OK

98 kB

URL GET HTTP/2
c0.wp.com/c/6.2.2/wp-includes/css/dist/block-library/style.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
98 kB (97517 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/6.2.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

0.gravatar.com/dist/css/services.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

192.0.73.2

200 OK

3.3 kB

URL GET HTTP/2
0.gravatar.com/dist/css/services.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3348), with no line terminators
Size
3.3 kB (3311 bytes)
Hash
0c00e0c1ebbbc297c425a50bbbd0ad35
09ae84155d9120b8788c97a514c763f4382fe19e
a4198608989ddcd07a26a1981da7e93794a54742a2e60134aa848184504d92f4

HTTP Headers

GET /dist/css/services.min.css?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e HTTP/1.1
Host: 0.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: text/css
last-modified: Wed, 31 May 2023 10:26:31 GMT
etag: W/"647720d7-cef"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:29 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/ee/6ae1238cf7823d61a3f434262939e7ee.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.6 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/ee/6ae1238cf7823d61a3f434262939e7ee.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.6 kB (5646 bytes)
Hash
dee3bc126033284510ba35935bfcd353
5b9d9bf35e391014f4260747ae88606e54b93571
0efc254ae5793edcf8db81b32eac06a88ee4ba052b5b0878506db53ac9b85c8f

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/ee/6ae1238cf7823d61a3f434262939e7ee.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5646
last-modified: Sun, 16 Apr 2023 07:50:38 GMT
expires: Tue, 15 Apr 2025 19:50:38 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/ee/6ae1238cf7823d61a3f434262939e7ee.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "b7a529290d6cb334"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14

188.114.96.1

200 OK

9.0 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (9051), with no line terminators
Size
9.0 kB (8983 bytes)
Hash
aee5233a88e59cf85afd5849a59da09c
a63fb67599f130b81880e3e9730462bff4ee5cc6
3a798d6addbffdfee5bcd2f5398f08585cc5f2c3bd6c511e45871e4ed72cbf7b

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Tue, 30 May 2023 16:59:22 GMT
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1PbUn2709l2vB5ynXaFPC%2B%2BlHEB5IcBPjVJtVGALEGSY3zWh9DcEWroq1prNXhI059%2BhZtNxDKX3gUd8aFloNP5kstgd5lJ18p3fkivPdFyf%2BxO3jqiuiNIpt1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97028ebcfab8-OSL

s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j

192.0.77.32

200 OK

19 kB

URL GET HTTP/2
s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
19 kB (19307 bytes)
Hash
4ba6be1612fb7d972e306b40ca81c69e
f438812921a7e44f4649a8cc1e0680f3b16350b6
7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b

HTTP Headers

GET /_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetpack.wordpress.com
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 23 Nov 2021 21:55:38 GMT
etag: W/"619d635a-4b6b"
content-encoding: br
expires: Wed, 09 Aug 2023 21:35:02 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2

s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160i&cssminify=yes

192.0.77.32

200 OK

15 kB

URL GET HTTP/2
s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160i&cssminify=yes
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (14896), with no line terminators
Size
15 kB (14896 bytes)
Hash
6351b8d2b4c744f53ad04c649576118b
367ed42ea3dfb3eeb0adc1c192756c316a263872
ae2e2ce4e754233246589f8d6986deb99cec57327ae7294cf2a323a9af92b3c2

HTTP Headers

GET /wp-content/mu-plugins/highlander-comments/style.css?m=1663315160i&cssminify=yes HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetpack.wordpress.com
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:29 GMT
content-type: text/css
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/17833-1684465005241.1526
content-encoding: br
expires: Thu, 30 May 2024 20:22:44 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

43 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
43 kB (42946 bytes)
Hash
8eecd8735e9e9aeaf1983aba0e7f3b6d
8f8e31633b28a78a7a8a964bdb002c8ea32da38c
e731f1c1e067138cf40fe4df0d8968451df8f6bcfbfeaa1ed5bf35d8ef1c0000

HTTP Headers

GET /images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 42946
last-modified: Fri, 18 Nov 2022 23:15:09 GMT
expires: Mon, 18 Nov 2024 11:15:09 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1659626961/946b2a41/38516846.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8c3403d21496b34b"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/challenge-platform/scripts/invisible.js

188.114.96.1

302 Found

24 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/challenge-platform/scripts/invisible.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type

Size
24 kB (23920 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160; _ga_HS5Y0K7QPG=GS1.1.1685990908.1.0.1685990908.0.0.0; _ga=GA1.1.83302851.1685990908
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Mon, 05 Jun 2023 18:48:30 GMT
vary: accept-encoding
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Am3aJEV3nwdSihoH8e6uZxNjYAZU%2F66N0ktEfbfv87IRS00fhaTdEXtpozlBnwyNHISG8qnkjml3xoF8vr4Vw1wwPZV1k2nThSvqNYSvnjR%2FQhs4QiFhPiD0BlE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9714b989fab8-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.3.6

188.114.96.1

200 OK

8.0 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.3.6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8246), with no line terminators
Size
8.0 kB (8005 bytes)
Hash
95e8541b1c7d8d1c6d971b8a1254f05e
a0a315f535cefee969c8f938ae9133beb051b51d
94d90d0cae68aae94246413284189ad0fd41bca226dcfc1d3394f25087df2ede

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.3.6 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Tue, 23 May 2023 18:46:33 GMT
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZmPJAMNwgfGNgVv1Y922xLGFPjDXkAtFzpxPnsoKe9eTRJE%2FwLj1m8MMyaUhX%2B2zY8nqx8zhCIC2y3%2B40QIaMpYQjBjoRpOtW4O17QDPFdqoZr%2F%2FT8VU4OlSao%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a9702bee8fab8-OSL

jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f

192.0.78.33

200 OK

23 kB

URL GET HTTP/2
jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f
IP
192.0.78.33:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wordpress.com
FingerprintA3:A5:D8:C8:1D:A5:FD:3E:95:A9:0C:25:E8:5A:C2:26:BD:14:73:44
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1831)
Size
23 kB (23196 bytes)
Hash
fc675cd7789a3415c38d2dfd0d583d85
15fdc6838a51938de33436a067e23d11c2451191
c3e032c37f4b02327aeec55f3aab07ca8b690cf3b5a9bcac2551f9f90ce42956

HTTP Headers

GET /jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f HTTP/1.1
Host: jetpack.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: text/html; charset=UTF-8
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
vary: Accept-Encoding, accept, content-type
content-encoding: br
x-ac: 4.arn _dca MISS
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.1.1/_inc/social-logos/social-logos.min.css

192.0.77.37

200 OK

12 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.1.1/_inc/social-logos/social-logos.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11580)
Size
12 kB (11581 bytes)
Hash
6fe4fbe2d529a23a0c2c15640fbe15b1
35748eb5f288ebf9849080411e51be68e0f3af70
5af9881e63eb82017b7f84922fa8ba9928bcfb4416eb3579f1b3528263003a18

HTTP Headers

GET /p/jetpack/12.1.1/_inc/social-logos/social-logos.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 21 Mar 2023 13:24:16 GMT
content-encoding: br
expires: Tue, 04 Jun 2024 18:48:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c

142.250.74.168

200 OK

203 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (4372)
Size
203 kB (203238 bytes)
Hash
c9741d8b0f42f70088841fcc09994ffd
83d4de7a21429fd6c6c768ab250d3b8b147ab952
e0864ca29fd42e0e6dfe87a69f626eafbd12b7e5317d23eb7be57e90f42691dc

HTTP Headers

GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Jun 2023 18:48:28 GMT
expires: Mon, 05 Jun 2023 18:48:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73502
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

i0.wp.com/i89.fastpic.ru/thumb/2019/0721/a7/1610a8db3b7f3e9f82ee391aae02c4a7.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.3 kB

URL GET HTTP/2
i0.wp.com/i89.fastpic.ru/thumb/2019/0721/a7/1610a8db3b7f3e9f82ee391aae02c4a7.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.3 kB (5326 bytes)
Hash
730e52b897276fb134a3572af1b8ec80
28b8f28de14cbdc6755861362d7448dbe4c0c07d
74baab46a413705b9d6c4f9db6c012524fecea3934fc2a86f9c56d53cb22512b

HTTP Headers

GET /i89.fastpic.ru/thumb/2019/0721/a7/1610a8db3b7f3e9f82ee391aae02c4a7.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5326
last-modified: Thu, 17 Nov 2022 07:46:32 GMT
expires: Sat, 16 Nov 2024 19:46:32 GMT
cache-control: public, max-age=63115200
link: <https://i89.fastpic.ru/thumb/2019/0721/a7/1610a8db3b7f3e9f82ee391aae02c4a7.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "870a7ebdf1740331"
vary: Accept
x-nc: MISS arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

0.gravatar.com/js/gprofiles.js?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

192.0.73.2

200 OK

26 kB

URL GET HTTP/2
0.gravatar.com/js/gprofiles.js?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://jetpack.wordpress.com/jetpack-comment/?blogid=210416615&postid=2046&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=monsterid&greeting=Leave+a+Reply&jetpack_comments_nonce=942bd713f0&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.1.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=59c4df3c2d8eb01365ce0e9c605e6b6d54f0758f#parent=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26062)
Size
26 kB (26129 bytes)
Hash
caf0f706328fcd249a7fbeae23b0a62f
6e2d57c57b1603ffc814a9808a880618a2b36a44
a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

HTTP Headers

GET /js/gprofiles.js?ver=202323a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e HTTP/1.1
Host: 0.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetpack.wordpress.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:28 GMT
content-type: application/javascript
last-modified: Thu, 01 Jun 2023 11:07:36 GMT
etag: W/"64787bf8-6611"
content-encoding: br
expires: Mon, 12 Jun 2023 18:48:28 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2

woovoree.net/?rb=BvoAE1Y4Sh3R7CfuOT5BSOJhgTLeDaxtl6s73_qeCsjHhy3OerZ1idV63jq1mTGfxJlF-VSrDYpYsuJ02toHKpYiso1zHuuXMNiPepeR9qS8iJq3NJT0IMndqVUXaw4Eu4Q9NEiPvqn9ZxWRhCpQBktX40pmm0amfE_WRaeHm8knf5Ma_o4mzo26VUXgnBtfKskqxStUIvTwI7QHWr5nbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.553.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=6&pl=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp&drf=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp%3F__cf_chl_tk%3DyM5Pi9lQznwrPV3LlgCQr0gT1z74XAsxwQA1RyUiFIg-1685990902-0-gaNycGzNCns&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.553.0&bs=d1fae2b6-8ef5-40cb-87d2-8487610d8c61&userId=6e5ef08875ff4c61a695ce8915b82d05&m=link

139.45.197.243

200 OK

1.9 kB

URL GET HTTP/2
woovoree.net/?rb=BvoAE1Y4Sh3R7CfuOT5BSOJhgTLeDaxtl6s73_qeCsjHhy3OerZ1idV63jq1mTGfxJlF-VSrDYpYsuJ02toHKpYiso1zHuuXMNiPepeR9qS8iJq3NJT0IMndqVUXaw4Eu4Q9NEiPvqn9ZxWRhCpQBktX40pmm0amfE_WRaeHm8knf5Ma_o4mzo26VUXgnBtfKskqxStUIvTwI7QHWr5nbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.553.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=6&pl=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp&drf=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp%3F__cf_chl_tk%3DyM5Pi9lQznwrPV3LlgCQr0gT1z74XAsxwQA1RyUiFIg-1685990902-0-gaNycGzNCns&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.553.0&bs=d1fae2b6-8ef5-40cb-87d2-8487610d8c61&userId=6e5ef08875ff4c61a695ce8915b82d05&m=link
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectwoovoree.net
FingerprintD2:A6:50:08:2E:B2:20:86:F3:77:28:9B:6D:15:4A:DA:0A:52:27:88
ValiditySat, 29 Apr 2023 08:40:42 GMT - Fri, 28 Jul 2023 08:40:41 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1870), with no line terminators
Size
1.9 kB (1850 bytes)
Hash
c13d925c5b5ab590699ba546f266fff8
fdc7d95e265bccb8a0ef618db2fda5e886fa7ea0
52e315fa125c095c8ae42e19f2b55f4afbba90b8cae763e239eb5d3e36135fb3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?rb=BvoAE1Y4Sh3R7CfuOT5BSOJhgTLeDaxtl6s73_qeCsjHhy3OerZ1idV63jq1mTGfxJlF-VSrDYpYsuJ02toHKpYiso1zHuuXMNiPepeR9qS8iJq3NJT0IMndqVUXaw4Eu4Q9NEiPvqn9ZxWRhCpQBktX40pmm0amfE_WRaeHm8knf5Ma_o4mzo26VUXgnBtfKskqxStUIvTwI7QHWr5nbA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.553.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=6&pl=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp&drf=https%3A%2F%2Fnsw2u.com%2Fdoom-switch-xci-nsp%3F__cf_chl_tk%3DyM5Pi9lQznwrPV3LlgCQr0gT1z74XAsxwQA1RyUiFIg-1685990902-0-gaNycGzNCns&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.553.0&bs=d1fae2b6-8ef5-40cb-87d2-8487610d8c61&userId=6e5ef08875ff4c61a695ce8915b82d05&m=link HTTP/1.1
Host: woovoree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=6e5ef08875ff4c61a695ce8915b82d05; oaidts=1685990910
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:31 GMT
content-type: application/json
x-trace-id: 41f38d6e84ba12a2b7305863801ab933
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=6e5ef08875ff4c61a695ce8915b82d05; expires=Tue, 04 Jun 2024 18:48:31 GMT; path=/; secure; SameSite=None
oaidts=1685990911; expires=Tue, 04 Jun 2024 18:48:31 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 12 Jun 2023 18:48:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js

188.114.96.1

200 OK

124 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:E1:F1:94:E2:4D:02:FF:E7:22:0C:84:DB:E0:04:E6:FA:70:3B:41
ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32024)
Size
124 kB (123510 bytes)
Hash
7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/doom-switch-xci-nsp
Cookie: cf_clearance=8NtV7LxXnMmKah26IYPww0KY_LVcM_RhHjdzWk._u9k-1685990902-0-160
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 18:48:27 GMT
cache-control: public, max-age=16070400
expires: max-age=A10368000, public  content-type: application/javascript
last-modified: Wed, 16 Nov 2022 18:49:09 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 34025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNieBOlSShueJjwjaAuVayj5wrqjUM3AFAbc2vdLQuSW%2FyLQycEgYj28%2FCcxIioRJfmXOyPeNmDp0vnP4JJnUe%2BkUUfe8WS0zYxAkxo%2BHt7pE3S72FTqXMBl7WM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2a97028ebafab8-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/i106.fastpic.ru/thumb/2019/0721/2d/0795a07f0fe8a32ebf04bbec027e092d.jpeg?w=640&ssl=1

192.0.77.2

200 OK

5.6 kB

URL GET HTTP/2
i0.wp.com/i106.fastpic.ru/thumb/2019/0721/2d/0795a07f0fe8a32ebf04bbec027e092d.jpeg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/doom-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x168, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.6 kB (5578 bytes)
Hash
6547bdedd3ce6f39a98fc1697f5e679f
ec7875f45415cb3f0343dbe55f8b055a60238b13
032bc0322f2bd5e3fd1eddc3f3977d7ef75f36ed301991c6a596b9b7a374166e

HTTP Headers

GET /i106.fastpic.ru/thumb/2019/0721/2d/0795a07f0fe8a32ebf04bbec027e092d.jpeg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 18:48:30 GMT
content-type: image/webp
content-length: 5578
last-modified: Fri, 03 Feb 2023 14:53:28 GMT
expires: Mon, 03 Feb 2025 02:53:28 GMT
cache-control: public, max-age=63115200
link: <https://i106.fastpic.ru/thumb/2019/0721/2d/0795a07f0fe8a32ebf04bbec027e092d.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "63c57dfc74359733"
vary: Accept
x-nc: MISS arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (85)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by