wc.school.kiwi Open in urlscan Pro
2001:df5:5e80::201  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response wc.school.kiwi/	4 KB 2 KB	506ms 119ms	Document text/html	2001:df5:5e80::201 KAMARLIMITED-AS-A...
General Check archive.org Show headers Download Go to Full URL https://wc.school.kiwi/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:df5:5e80::201 , New Zealand, ASN141413 (KAMARLIMITED-AS-AP KAMAR Limited, NZ), Reverse DNS Software nginx / Resource Hash f1ec36b27ce77b620c6b2ebd5c17e13a37cdf0978da5228cbcd8c3325567b2ff Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-NZ,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=utf-8 date Sun, 04 Jun 2023 22:09:38 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx strict-transport-security max-age=63072000 x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	master.css wc.school.kiwi/index.php/assets/	167 KB 167 KB	234ms 234ms	Stylesheet text/css	2001:df5:5e80::201 KAMARLIMITED-AS-A...
General Check archive.org Show headers Download Go to Full URL https://wc.school.kiwi/index.php/assets/master.css?v2023.03.004 Requested by Host: wc.school.kiwi URL: https://wc.school.kiwi/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:df5:5e80::201 , New Zealand, ASN141413 (KAMARLIMITED-AS-AP KAMAR Limited, NZ), Reverse DNS Software nginx / Resource Hash 2d28516d67b295bedb90c76a35fc7cf65712028c23c53f30ae3a8797a10c8bb5 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-NZ,en;q=0.9 Referer https://wc.school.kiwi/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Sun, 04 Jun 2023 22:09:38 GMT strict-transport-security max-age=63072000 server nginx x-frame-options SAMEORIGIN content-type text/css;charset=UTF-8 cache-control no-store, no-cache, must-revalidate x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	850 B 875 B	697ms 233ms	Script text/javascript	2404:6800:4003:c0f::67 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: wc.school.kiwi URL: https://wc.school.kiwi/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4003:c0f::67 , Singapore, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 8d407cd28e2db7a40917117ec99a996194878d452f589860cb45083e6d7208f1 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-NZ,en;q=0.9 Referer https://wc.school.kiwi/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 22:09:38 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 555 x-xss-protection 1; mode=block expires Sun, 04 Jun 2023 22:09:38 GMT
GET H2	200	crest.jpg wc.school.kiwi/index.php/assets/	42 KB 42 KB	215ms 214ms	Image image/jpeg	2001:df5:5e80::201 KAMARLIMITED-AS-A...
General Check archive.org Show headers Download Go to Show image Full URL https://wc.school.kiwi/index.php/assets/crest.jpg Requested by Host: wc.school.kiwi URL: https://wc.school.kiwi/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:df5:5e80::201 , New Zealand, ASN141413 (KAMARLIMITED-AS-AP KAMAR Limited, NZ), Reverse DNS Software nginx / Resource Hash 7556cdc925f26edcae0f2b8921a9e6f534581a49f68fc4b5d1b617d113006d60 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-NZ,en;q=0.9 Referer https://wc.school.kiwi/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Sun, 04 Jun 2023 22:09:38 GMT strict-transport-security max-age=63072000 server nginx x-frame-options SAMEORIGIN content-type image/jpeg cache-control no-store, no-cache, must-revalidate x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	loader.js Show response www.gstatic.com/charts/	61 KB 19 KB	694ms 231ms	Script text/javascript	2404:6800:4003:c1a::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/charts/loader.js Requested by Host: wc.school.kiwi URL: https://wc.school.kiwi/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4003:c1a::5e , Singapore, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 369ae154eab37b7ada7776b934833183bb053ebd1d0255f70ef8944f65cabb0c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-NZ,en;q=0.9 Referer https://wc.school.kiwi/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 21:17:18 GMT content-encoding gzip x-content-type-options nosniff age 3141 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18534 x-xss-protection 0 last-modified Tue, 04 Apr 2023 17:52:30 GMT server sffe cross-origin-opener-policy same-origin; report-to="gviz" vary Accept-Encoding, Origin report-to {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]} content-type text/javascript cache-control public, max-age=3600 access-control-allow-credentials true accept-ranges bytes expires Sun, 04 Jun 2023 22:17:18 GMT
GET H2	200	javascript.js Show response wc.school.kiwi/index.php/assets/	495 KB 496 KB	120ms 120ms	Script application/javascript	2001:df5:5e80::201 KAMARLIMITED-AS-A...
General Check archive.org Show headers Download Go to Full URL https://wc.school.kiwi/index.php/assets/javascript.js?v2023.03.004 Requested by Host: wc.school.kiwi URL: https://wc.school.kiwi/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:df5:5e80::201 , New Zealand, ASN141413 (KAMARLIMITED-AS-AP KAMAR Limited, NZ), Reverse DNS Software nginx / Resource Hash 6115b0c97ab6231e34b038d4356f309d97e0c80a5f1c7e321bf83d8f1b5c7033 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-NZ,en;q=0.9 Referer https://wc.school.kiwi/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Sun, 04 Jun 2023 22:09:38 GMT strict-transport-security max-age=63072000 server nginx x-frame-options SAMEORIGIN content-type application/javascript cache-control no-store, no-cache, must-revalidate x-xss-protection 1; mode=block expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/	407 KB 163 KB	695ms 232ms	Script text/javascript	2404:6800:4003:c1a::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4003:c1a::5e , Singapore, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://wc.school.kiwi/ Origin https://wc.school.kiwi accept-language en-NZ,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sat, 03 Jun 2023 01:49:37 GMT content-encoding gzip x-content-type-options nosniff age 159602 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 166186 x-xss-protection 0 last-modified Tue, 30 May 2023 00:01:16 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sun, 02 Jun 2024 01:49:37 GMT

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| KAMAR object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| replaceAll string| MARKER object| chart_col function| $ function| jQuery function| Popper object| bootstrap number| payment_total object| google object| recaptcha

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wc.school.kiwi/	1970-01-20 12:18:37	Name: csrf_kamar_cn Value: ccc871f7f40a7f096611e4a5668bd487
			wc.school.kiwi/	1969-12-31 23:59:59	Name: kamar_session Value: 7oo5u86caaftm48i154g6c27sdh3dorq

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wc.school.kiwi
www.google.com
www.gstatic.com
2001:df5:5e80::201
2404:6800:4003:c0f::67
2404:6800:4003:c1a::5e
2d28516d67b295bedb90c76a35fc7cf65712028c23c53f30ae3a8797a10c8bb5
369ae154eab37b7ada7776b934833183bb053ebd1d0255f70ef8944f65cabb0c
6115b0c97ab6231e34b038d4356f309d97e0c80a5f1c7e321bf83d8f1b5c7033
7556cdc925f26edcae0f2b8921a9e6f534581a49f68fc4b5d1b617d113006d60
8d407cd28e2db7a40917117ec99a996194878d452f589860cb45083e6d7208f1
d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048
f1ec36b27ce77b620c6b2ebd5c17e13a37cdf0978da5228cbcd8c3325567b2ff