firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 18:10:29 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lKqSLandQMG2tfW06y0BQT99bOx8VaEcUYrCnItLXyGymucLjz98bQ==
Age: 82
r3.o.lencr.org/
23.36.76.225200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13631
Expires: Thu, 15 Sep 2022 21:59:02 GMT
Date: Thu, 15 Sep 2022 18:11:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9dfQgI9lno8-Uv9cFXUTn7DSCJd2VIZr8LI_Gmqfet9US2WPse_9wg==
age: 48996
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:11:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 18:03:22 GMT
Expires: Thu, 15 Sep 2022 18:03:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h9TxMaCXvDVEwZkwIXYT4EYpOdcGByE9jjfQ5HkXTUS4IsLNWOuJ2w==
Age: 509
store.thinkedu.com/redirect.aspx?Target=account.aspx
104.255.215.12302 Found 159 B URL HTTP/1.1 store.thinkedu.com/redirect.aspx?Target=account.aspx
IP 104.255.215.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9b9f39c61ca6ca49483339f1ca932e01
e0daf3c752f1f1630d5fd165e9fc03875203a126
6bbea5ae5b1f045b314e1f576a8c0c3990b98947fd48edf1a8e60710cc24f5bc
GET /redirect.aspx?Target=account.aspx HTTP/1.1
Host: store.thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://store.thinkEDU.com/denyaccess.aspx
Set-Cookie: ASP.NET_SessionIdHttps=897d794f-8fe1-4cbc-b35e-44c223e01e4d; path=/; SameSite=None; secure; HttpOnly
Layout+tedu=False; path=/; SameSite=None; secure; HttpOnly
TS01c4c7c8=019d1b6b84bb94e09f06249188e0448a504c7bf2f6e4d96e319f5e46cdd54d663e547dc0cce5044b65e5ea3791138b5b20df555f14; Path=/
Date: Thu, 15 Sep 2022 18:11:51 GMT
Content-Length: 159
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5884
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:52 GMT
Last-Modified: Thu, 15 Sep 2022 16:33:48 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.215.91.121101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.91.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: O7Wdprt14YreLK30bfa/cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kfCEJ42HM9mMsSfCD+X7ZAM5DZE=
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 3485f2fbd2ec252863278b5f210067e1
637f0cd6ef20db7f950a09461b9b31be55a00952
1016a268076f77a4a07e22b3f8eda13071404a10dd9675962c41a12813b530d6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:11:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 02:52:11 GMT
Expires: Tue, 20 Sep 2022 02:52:10 GMT
Etag: "637f0cd6ef20db7f950a09461b9b31be55a00952"
Cache-Control: max-age=376217,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b353cb98b61c0a-OSL
store.thinkedu.com/denyaccess.aspx
104.255.215.12302 Found 159 B URL HTTP/1.1 store.thinkedu.com/denyaccess.aspx
IP 104.255.215.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9b9f39c61ca6ca49483339f1ca932e01
e0daf3c752f1f1630d5fd165e9fc03875203a126
6bbea5ae5b1f045b314e1f576a8c0c3990b98947fd48edf1a8e60710cc24f5bc
Analyzer Verdict Alert fortinet Phishing
GET /denyaccess.aspx HTTP/1.1
Host: store.thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://store.thinkEDU.com/denyaccess.aspx
Set-Cookie: ASP.NET_SessionIdHttps=9d6c5bb9-58a6-48df-9217-95b255c367c1; path=/; SameSite=None; secure; HttpOnly
Layout+tedu=False; path=/; SameSite=None; secure; HttpOnly
TS01c4c7c8=019d1b6b844cf226b19288e5964f9f60a7bf72b0381f1df85d846d4aea3d3fd468ebd7dfde7cc73af72622f7d2aef7bb7b56f5347d; Path=/; Secure
Date: Thu, 15 Sep 2022 18:11:52 GMT
Content-Length: 159
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
store.thinkedu.com/denyaccess.aspx
104.255.215.12200 OK 13 kB URL HTTP/1.1 store.thinkedu.com/denyaccess.aspx
IP 104.255.215.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5120), with CRLF line terminators
Hash 26deb83e6de5a5e785e2fcb9f9ebe1a1
41e5aafe34c86bc56405fac9ab3640c2aa5af223
467a4cdd25a99ff47617ca1cdfb7858afd763fa279e6209c98d80d4fcf1aaa67
Analyzer Verdict Alert fortinet Phishing
GET /denyaccess.aspx HTTP/1.1
Host: store.thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: TS01c4c7c8=019d1b6b844cf226b19288e5964f9f60a7bf72b0381f1df85d846d4aea3d3fd468ebd7dfde7cc73af72622f7d2aef7bb7b56f5347d; ASP.NET_SessionIdHttps=9d6c5bb9-58a6-48df-9217-95b255c367c1; Layout+tedu=False
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=15552000
Date: Thu, 15 Sep 2022 18:11:52 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: __AntiXsrfHttps=cc979dc61f1748c7a1751c9fd739afb5; path=/; SameSite=None; secure; HttpOnly
TS01c4c7c8=019d1b6b844cf226b19288e5964f9f60a7bf72b0381f1df85d846d4aea3d3fd468ebd7dfde7cc73af72622f7d2aef7bb7b56f5347d; Path=/; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13226
Connection: Keep-Alive
r3.o.lencr.org/
23.36.76.225200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14086
Expires: Thu, 15 Sep 2022 22:06:39 GMT
Date: Thu, 15 Sep 2022 18:11:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f50c34bc30a732593e8fe465055a44ff
af100925cba1be716fd2200715d6136bd7f0c5bc
703049736ccc8815945d69634059c4cd39533417e0969107d460c36a6787c761
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5078
x-amzn-requestid: b6177371-a8ba-4541-a48d-21bd806e866e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0erUHT-IAMFWKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311ab15-157ed5b700e0aad5481f5c0f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:04:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vlo8vCUrKDtvhAGHSYKMmPk-wVNgx9OlU3ZVrpgG0tgk8ZBllAtXNQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:58 GMT
age: 78595
etag: "af100925cba1be716fd2200715d6136bd7f0c5bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 4fa15cde274a0b24617d112bfd07bed4
6d98814c4383236d9c172f776fc6eb3cf43fc73d
a7b867af72b03b4f2be3dad2e99aa51842f373922a6a1ebbbed03a5634f04e57
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 23:19:52 GMT
Expires: Thu, 15 Sep 2022 23:19:52 GMT
ETag: "6d98814c4383236d9c172f776fc6eb3cf43fc73d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 4fa15cde274a0b24617d112bfd07bed4
6d98814c4383236d9c172f776fc6eb3cf43fc73d
a7b867af72b03b4f2be3dad2e99aa51842f373922a6a1ebbbed03a5634f04e57
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 23:19:52 GMT
Expires: Thu, 15 Sep 2022 23:19:52 GMT
ETag: "6d98814c4383236d9c172f776fc6eb3cf43fc73d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2157f7cfbdeb607f28ae51eb090f2c3
33d0dcadaa42179b2eae914c8ad16c9c088afbc9
135cd89c2c82f0f5e53d2612d5eac868c175b28a567a07e63a2073942e36a066
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6078
x-amzn-requestid: e09c099f-5a2d-49d7-b6ab-e16f09c28bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavJEEM5IAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f8a0-0fbb7b3d0cd6fbfa04f5a5d2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Rx8KX_QI5I2x7q0gcvxcJX7QzZUe2KkfqAUVR64lEujF4xDEWWDhZQ==
via: 1.1 9b21fd56256eda6d1379e32829c4c446.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:10 GMT
age: 78643
etag: "33d0dcadaa42179b2eae914c8ad16c9c088afbc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 4fa15cde274a0b24617d112bfd07bed4
6d98814c4383236d9c172f776fc6eb3cf43fc73d
a7b867af72b03b4f2be3dad2e99aa51842f373922a6a1ebbbed03a5634f04e57
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 23:19:52 GMT
Expires: Thu, 15 Sep 2022 23:19:52 GMT
ETag: "6d98814c4383236d9c172f776fc6eb3cf43fc73d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ef9865421a37eae9a4df04083d27485
c7cf1f6a259cece60a34261ec83ee00736e1d72b
723b65ba660f22281f85d6caceea23e9cd932ee9084dc905a08a585746c4c4cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9922
x-amzn-requestid: de1e3e45-74ff-41b2-986f-e78473cb6d98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVc1SGM7IAMFw0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631edb54-2099524d6f2c338b41eea101;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 07:10:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: g4LYoK2-sx5QTvWPxwsh8yhHjOswmtzMB6d4N9YAvQOvspuvSFbJOA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:17:07 GMT
age: 71686
etag: "c7cf1f6a259cece60a34261ec83ee00736e1d72b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4833535b1650b0ac875704023b650e66
96ab8cd8e14350f730d26731f3445710324e24e2
d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0nTpbTo79RT78Sin1pTWaq4pRKWZyqnBkZCT2p66wWoW-A1OScJmIg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:09 GMT
age: 78644
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1633672fad0b564108cf81ad711dc881
d37ad0f40bc1f3f0022467dd0af2478980bd858a
cc7176a297f6009f07074fb9af796132b4452833be675bf378cc950fe81a582a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9071
x-amzn-requestid: b450f7cf-6cc7-4d1f-aef3-4496f0971727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeIxuEq6oAMF9jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632254d7-6912ef8731d81fa43b805e5b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:25:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6LDUuDX1W8-Q88pDJma0xCAd5QuJ0YV-VpJ_8LVyDHX9YN1k0fQZ8Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:25:28 GMT
etag: "d37ad0f40bc1f3f0022467dd0af2478980bd858a"
content-type: image/jpeg
age: 71185
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 4fa15cde274a0b24617d112bfd07bed4
6d98814c4383236d9c172f776fc6eb3cf43fc73d
a7b867af72b03b4f2be3dad2e99aa51842f373922a6a1ebbbed03a5634f04e57
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 23:19:52 GMT
Expires: Thu, 15 Sep 2022 23:19:52 GMT
ETag: "6d98814c4383236d9c172f776fc6eb3cf43fc73d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e5f57ba37fac4e6047a9a321a8ec084
f6b742549ea35a4b1345cffb937a8bbcceee08ef
f8c67c54806e47089b9ba297599e3e4cde1fd2e2e38b76acc9e8de0e99d7b77e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6770
x-amzn-requestid: b7c9513c-b8ba-41c7-9f9a-0a9d2266172d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEVRIAMFygA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7a4408363cdc46c9355a9f47;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fqj5PljprRruE1jwYAVwKoHkjys-RakUjzuV67_Ued6T4et99JPxPg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:42:04 GMT
age: 73789
etag: "f6b742549ea35a4b1345cffb937a8bbcceee08ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 4fa15cde274a0b24617d112bfd07bed4
6d98814c4383236d9c172f776fc6eb3cf43fc73d
a7b867af72b03b4f2be3dad2e99aa51842f373922a6a1ebbbed03a5634f04e57
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 23:19:52 GMT
Expires: Thu, 15 Sep 2022 23:19:52 GMT
ETag: "6d98814c4383236d9c172f776fc6eb3cf43fc73d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
store.thinkedu.com/cartcontents.js
104.255.215.12302 Found 159 B URL HTTP/1.1 store.thinkedu.com/cartcontents.js
IP 104.255.215.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9b9f39c61ca6ca49483339f1ca932e01
e0daf3c752f1f1630d5fd165e9fc03875203a126
6bbea5ae5b1f045b314e1f576a8c0c3990b98947fd48edf1a8e60710cc24f5bc
GET /cartcontents.js HTTP/1.1
Host: store.thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/denyaccess.aspx
Cookie: TS01c4c7c8=019d1b6b844cf226b19288e5964f9f60a7bf72b0381f1df85d846d4aea3d3fd468ebd7dfde7cc73af72622f7d2aef7bb7b56f5347d; ASP.NET_SessionIdHttps=9d6c5bb9-58a6-48df-9217-95b255c367c1; Layout+tedu=False; __AntiXsrfHttps=cc979dc61f1748c7a1751c9fd739afb5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Cache-Control: public, must-revalidate, max-age=2592000
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 15 Oct 2022 18:11:53 GMT
Last-Modified: Tue, 01 Jan 1980 08:00:00 GMT
Location: https://store.thinkEDU.com/denyaccess.aspx
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Length: 159
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash e68883af908046a5ee580588f63bf16a
b305a70b80e854fe3ed49b77381cc7b7f361a070
8b0479841528884f51d12d90fdf3d183afd31fd6776cb373d256c97d0d742290
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 15 Sep 2022 18:11:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 14 Sep 2022 22:19:14 GMT
Expires: Thu, 15 Sep 2022 22:19:14 GMT
ETag: "b305a70b80e854fe3ed49b77381cc7b7f361a070"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
store.thinkedu.com/denyaccess.aspx
104.255.215.12200 OK 13 kB URL HTTP/1.1 store.thinkedu.com/denyaccess.aspx
IP 104.255.215.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5120), with CRLF line terminators
Hash 26deb83e6de5a5e785e2fcb9f9ebe1a1
41e5aafe34c86bc56405fac9ab3640c2aa5af223
467a4cdd25a99ff47617ca1cdfb7858afd763fa279e6209c98d80d4fcf1aaa67
Analyzer Verdict Alert fortinet Phishing
GET /denyaccess.aspx HTTP/1.1
Host: store.thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://store.thinkedu.com/denyaccess.aspx
Connection: keep-alive
Cookie: TS01c4c7c8=019d1b6b844cf226b19288e5964f9f60a7bf72b0381f1df85d846d4aea3d3fd468ebd7dfde7cc73af72622f7d2aef7bb7b56f5347d; ASP.NET_SessionIdHttps=9d6c5bb9-58a6-48df-9217-95b255c367c1; Layout+tedu=False; __AntiXsrfHttps=cc979dc61f1748c7a1751c9fd739afb5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=15552000
Date: Thu, 15 Sep 2022 18:11:53 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13226
Connection: Keep-Alive
api.cartstack.com/js/customer-tracking/www.thinkedu.com_4a821ccc81a556a30386a4ed32f45550.js
44.238.13.135200 OK 1.7 kB URL HTTP/1.1 api.cartstack.com/js/customer-tracking/www.thinkedu.com_4a821ccc81a556a30386a4ed32f45550.js
IP 44.238.13.135:0
File type ASCII text, with very long lines (604), with CRLF line terminators
Hash a46496d22072ea6c330eb100d38564ba
13a34d96f1a6f12ac2f27e3273b884c85e6bff82
4ea06549e976aca47ba4ae6789d3a13ffa49699272ab2bc5de6aadf4cc927c50
GET /js/customer-tracking/www.thinkedu.com_4a821ccc81a556a30386a4ed32f45550.js HTTP/1.1
Host: api.cartstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Type: application/javascript
Date: Thu, 15 Sep 2022 18:11:54 GMT
ETag: "1654-5dfedfd0d768c-gzip"
Expires: Sat, 15 Oct 2022 18:11:54 GMT
Last-Modified: Thu, 26 May 2022 18:02:09 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.3.1 mod_auth_kerb/5.4 PHP/5.4.16
Vary: Accept-Encoding
Content-Length: 1655
Connection: keep-alive
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Thu, 15 Sep 2022 18:11:54 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7dff4bc87dbee6fd33e0d7a3dc5ed3bd
59878d4dd98e60b39dcf7ac288e77bb262afab5d
8c3a027cee1f48144eb0504deff1f2b9aa98c9fc3f4e3057ece6caac9f604315
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:54 GMT
Last-Modified: Thu, 15 Sep 2022 16:58:33 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
platform.twitter.com/widgets.js
93.184.220.66200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 0ccf02d52b75b85c65aa5460aa24aebf
50d1a19cb9ebbd6d42173ce2d963ea4df29e8e5a
d13778acf057777bad23fd020088463d65d2b7baff042cd4529d27faa46daf38
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 751
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Thu, 15 Sep 2022 18:11:54 GMT
Etag: "f116c7e6b28e2aebeb60ade5bdc8e2b4+gzip"
Last-Modified: Wed, 31 Aug 2022 20:41:50 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29220
connect.facebook.net/en_US/sdk.js
31.13.72.12200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 38b70cc4a4aff90990410af4c02af171
16df105fd7723d32590f3f90923dc93bb23e9b1d
34d9e3243f47eca150fe7a3d6ee631abcd6a1c78cc0d613132ff2532bddb954b
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://store.thinkedu.com
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: aa066b4e3c0c2abfc152dbbefe4e4588
etag: "2adb59682a2385a80269e8357a607e3c"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 15 Sep 2022 18:28:51 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: OLcMxKSv+QmQQQr0wCrxcQ==
x-fb-debug: zpi3R+TiJWhuOqHXHMj2ET+J1+ciYOVZwKxzu+gzEMa6IPStBDWcYHM6uCUSRD2TtJCDDfBu7qFrzuqo/qL2RA==
priority: u=3,i
content-length: 1688
x-fb-trip-id: 1904183273
date: Thu, 15 Sep 2022 18:11:54 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ed1a966e9770807ef8b4f57a5113d29a
d843a3d371ee0424004f68ccc32ce06e6bc6e6c7
4932c01d3db39a9ac2f0f7e2693af95e5a334697edfd8d078fd52e421ba43721
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7dff4bc87dbee6fd33e0d7a3dc5ed3bd
59878d4dd98e60b39dcf7ac288e77bb262afab5d
8c3a027cee1f48144eb0504deff1f2b9aa98c9fc3f4e3057ece6caac9f604315
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:54 GMT
Last-Modified: Thu, 15 Sep 2022 16:58:33 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ssl.google-analytics.com/ga.js
142.250.74.40200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.40:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Thu, 15 Sep 2022 16:29:20 GMT
expires: Thu, 15 Sep 2022 18:29:20 GMT
cache-control: public, max-age=7200
age: 6154
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fstore.thinkedu.com
93.184.220.66200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fstore.thinkedu.com
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash aa228863765c3263e12f1d7c71015518
619739a12e0f16eab26a43a913b35779edea57a6
cf9a241903646ee9b88b76da2bb3e11d16f36246f7bbc53bbe2c98466e5ea12a
GET /widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fstore.thinkedu.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1286921
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 15 Sep 2022 18:11:54 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 31 Aug 2022 20:40:57 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F6FE)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cfd2db57907a02add07cc8f727a30ca6
f9a6f8af7868c0be0a22fee404e0b07cf737bbaa
d8bac3b77cb2732588815a8bcb3ad6a49e518f04f99bf20513d91ffb30eee947
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thinkedu.com/wp-content/themes/think_edu/images/logo.png
208.109.200.156200 OK 19 kB URL HTTP/2 thinkedu.com/wp-content/themes/think_edu/images/logo.png
IP 208.109.200.156:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 291 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash c45b5c824f7362c8465c9025e8f439f9
75f220dc113c04f8dd53eeabd330f69995e3f7a9
3fc02ca2cadad258865f7c48cdcfbcd8ea109d9d1d636bcddd406f8cad7a48cf
GET /wp-content/themes/think_edu/images/logo.png HTTP/1.1
Host: thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
last-modified: Thu, 31 May 2012 13:06:23 GMT
etag: "1000a21-4973-4c154bc0991c0"
accept-ranges: bytes
content-length: 18803
content-type: image/png
date: Thu, 15 Sep 2022 18:11:54 GMT
server: Apache
X-Firefox-Spdy: h2
thinkedu.com/wp-content/themes/think_edu/images/thinkban.png
208.109.200.156200 OK 7.0 kB URL HTTP/2 thinkedu.com/wp-content/themes/think_edu/images/thinkban.png
IP 208.109.200.156:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 293 x 80, 8-bit/color RGB, non-interlaced\012- data
Hash 2ec05a5ec14813b04dadafd6cd563e9e
8c85d2badae48bd7b4995b93221cc5d56de2f86d
f20cd52c5811a715e096fcd745ebe23619f3af8435ab8aac6da1f8511db1754d
GET /wp-content/themes/think_edu/images/thinkban.png HTTP/1.1
Host: thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
last-modified: Fri, 05 Aug 2022 14:53:41 GMT
etag: "1000fb5-1b82-5e57fa1c1e740"
accept-ranges: bytes
content-length: 7042
content-type: image/png
date: Thu, 15 Sep 2022 18:11:54 GMT
server: Apache
X-Firefox-Spdy: h2
thinkedu.com/wp-content/themes/think_edu/images/cart-small.png
208.109.200.156200 OK 4.3 kB URL HTTP/2 thinkedu.com/wp-content/themes/think_edu/images/cart-small.png
IP 208.109.200.156:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 49 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 0db4c5688c77af86e6e1d8e78ea24844
1a4b883c5f875af86d5bac92c3d541b1609cef62
c95c0079115b89fa2f71ca5ef71720d052a7421b725a24bfb80bcf640f623126
GET /wp-content/themes/think_edu/images/cart-small.png HTTP/1.1
Host: thinkedu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
last-modified: Wed, 05 Aug 2020 11:38:52 GMT
etag: "1000a10-10a5-5ac1fd0e22b00"
accept-ranges: bytes
content-length: 4261
content-type: image/png
date: Thu, 15 Sep 2022 18:11:54 GMT
server: Apache
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=59434
date: Thu, 15 Sep 2022 18:11:55 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=00f9fde632e56b7455f0262c9858e734
31.13.72.12200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=00f9fde632e56b7455f0262c9858e734
IP 31.13.72.12:0
File type ASCII text, with very long lines (18570)
Hash cd86a64a1aa518df7747d343e89ebb8f
3279231a9298069fce103136bb6562845156eb97
107ac7ae8e891403031b7b7b08e38e85d8b8df56ad5b3989fbbc99a21fd6d51e
GET /en_US/sdk.js?hash=00f9fde632e56b7455f0262c9858e734 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://store.thinkedu.com
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 62776d3dd06dc588f3a1e3f2d822bd0a
etag: "ca4a5417a9918de2c21723cbaaa059ec"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 15 Sep 2023 14:04:09 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: zYamShqlGN93R9ND6J67jw==
x-fb-debug: np41NQQ+XEJHlGvSw5oa964YNoujsJxtBwGX+/bsi/kRicOWVpqMng3Ge8CtHTLYI2OvMkr+iUxmCJkaPWp4xQ==
content-length: 88473
x-fb-trip-id: 1904183273
date: Thu, 15 Sep 2022 18:11:55 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 0d6d880bbb3a13bfcd24eeceddf4a8bc
05fc95f19b944ad8323db106b6538232a8f77cc2
84a5f406cd91c0bd0533748fae6f90ec88692f3d13260008a923e602d2bd96bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5302
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:11:55 GMT
Last-Modified: Thu, 15 Sep 2022 16:43:34 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 312
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Thu, 15 Sep 2022 18:11:55 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=197912659724&ev=fb_page_view&dl=https%3A%2F%2Fstore.thinkedu.com%2Fdenyaccess.aspx&rl=&if=false&ts=1663265499891&sw=1280&sh=1024&at=
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=197912659724&ev=fb_page_view&dl=https%3A%2F%2Fstore.thinkedu.com%2Fdenyaccess.aspx&rl=&if=false&ts=1663265499891&sw=1280&sh=1024&at=
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=197912659724&ev=fb_page_view&dl=https%3A%2F%2Fstore.thinkedu.com%2Fdenyaccess.aspx&rl=&if=false&ts=1663265499891&sw=1280&sh=1024&at= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Thu, 15 Sep 2022 18:11:55 GMT
expires: Thu, 15 Sep 2022 18:11:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=1c79fdb51866ede7815bf0dd3f455dfab23b99fa
104.244.42.8200 OK 315 B URL HTTP/2 syndication.twitter.com/settings?session_id=1c79fdb51866ede7815bf0dd3f455dfab23b99fa
IP 104.244.42.8:0
File type JSON data\012- , ASCII text, with very long lines (724), with no line terminators
Hash 337895171bedda99072b721c70846968
b4d7f3bd6ecef71c0733dc21723344cb94e6a45f
798f4be409e38ca283cc33755def17dfabcaeae8b90b252bda96b5eea19e4eaa
GET /settings?session_id=1c79fdb51866ede7815bf0dd3f455dfab23b99fa HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:54 GMT
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Thu, 15 Sep 2022 18:11:55 GMT
content-length: 315
content-encoding: gzip
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 113
x-connection-hash: c63f34a62d85d5a57dd771f024ed997538e5f07077e037d3aa0e5195540ff3b9
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=63236adb3ed607ca&bkl=0&bl=1&pdt=2429&sid=63236adb3ed607ca&pub=nexternal&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=store.thinkedu.com&fp=denyaccess.aspx&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1663265499874&jsl=8353&uvs=63236adbebd04775000&skipb=1&callback=addthis.cbs.jsonp__55847429757851970
23.38.200.123200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=63236adb3ed607ca&bkl=0&bl=1&pdt=2429&sid=63236adb3ed607ca&pub=nexternal&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=store.thinkedu.com&fp=denyaccess.aspx&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1663265499874&jsl=8353&uvs=63236adbebd04775000&skipb=1&callback=addthis.cbs.jsonp__55847429757851970
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 5a2b85444573ac0b2470c3e3fdd6dc9b
8f84dbb47fcb22333a3c9e512c59dbec64f2bbbb
8055e34e6cbc5112bbde1fed3dd3532e045eb3481f3ad273924c45a3da277296
GET /live/red_lojson/300lo.json?si=63236adb3ed607ca&bkl=0&bl=1&pdt=2429&sid=63236adb3ed607ca&pub=nexternal&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=store.thinkedu.com&fp=denyaccess.aspx&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1663265499874&jsl=8353&uvs=63236adbebd04775000&skipb=1&callback=addthis.cbs.jsonp__55847429757851970 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Thu, 15 Sep 2022 18:11:55 GMT
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/nexternal/_ate.track.config_resp
23.38.200.123200 OK 47 B URL HTTP/2 v1.addthisedge.com/live/boost/nexternal/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 24c668b115f75423506f2ea21d1b49c2
14f956ddb2d9e8b072cd5f605c3f39526490b391
b542daef470a9730029174f975ce3ce236b3e58bf9183b11956acce994b13a16
GET /live/boost/nexternal/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-disposition: attachment; filename=1.txt
content-encoding: gzip
content-length: 47
cache-control: public, max-age=55, s-maxage=86400
date: Thu, 15 Sep 2022 18:11:55 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.nexternal.com/net/scripts/act/MicrosoftAjaxWebForms.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/scripts/act/MicrosoftAjaxWebForms.js
IP 23.111.11.175:0
GET /net/scripts/act/MicrosoftAjaxWebForms.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:43:23 GMT
last-modified: Thu, 10 Oct 2013 17:57:34 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/CommonPresentation/JavaScript/jQuery/jquery-ui-1.12.1.min.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/CommonPresentation/JavaScript/jQuery/jquery-ui-1.12.1.min.js
IP 23.111.11.175:0
GET /net/CommonPresentation/JavaScript/jQuery/jquery-ui-1.12.1.min.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:50:26 GMT
last-modified: Thu, 17 Mar 2022 20:47:22 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/StoreFront/StyleSheet/CSSHandler/Elastislide-i8480-l38916-a38916-u110315413-bFirefox.css
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/StoreFront/StyleSheet/CSSHandler/Elastislide-i8480-l38916-a38916-u110315413-bFirefox.css
IP 23.111.11.175:0
GET /net/StoreFront/StyleSheet/CSSHandler/Elastislide-i8480-l38916-a38916-u110315413-bFirefox.css HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:54 GMT
content-type: text/css; charset=utf-8
cache-control: public, must-revalidate, max-age=2592000
expires: Sat, 15 Oct 2022 18:11:54 GMT
last-modified: Tue, 01 Jan 1980 08:00:00 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/scripts/act/MicrosoftAjax.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/scripts/act/MicrosoftAjax.js
IP 23.111.11.175:0
GET /net/scripts/act/MicrosoftAjax.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:45:20 GMT
last-modified: Fri, 15 May 2020 18:51:56 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/styles/ssa_close_X_081.css
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/styles/ssa_close_X_081.css
IP 23.111.11.175:0
GET /styles/ssa_close_X_081.css HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: text/css
cache-control: public,must-revalidate,max-age=2592000
last-modified: Fri, 09 Sep 2016 22:47:23 GMT
etag: W/"8783421ecad21:0"
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/StoreFront/Common/WebServicesCommon.asmx/js.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/StoreFront/Common/WebServicesCommon.asmx/js.js
IP 23.111.11.175:0
GET /net/StoreFront/Common/WebServicesCommon.asmx/js.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, must-revalidate, max-age=2592000
expires: Wed, 01 Sep 2021 17:38:14 GMT
last-modified: Thu, 01 Sep 2022 17:38:14 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/CommonPresentation/JavaScript/jQuery/jquery-3.6.0.min.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/CommonPresentation/JavaScript/jQuery/jquery-3.6.0.min.js
IP 23.111.11.175:0
GET /net/CommonPresentation/JavaScript/jQuery/jquery-3.6.0.min.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:45:20 GMT
last-modified: Thu, 17 Mar 2022 20:47:21 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/StoreFront/StyleSheet/CSSHandler/StyleCommon-i8480-l38916-a38916-u110315413-bFirefox-r.css
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/StoreFront/StyleSheet/CSSHandler/StyleCommon-i8480-l38916-a38916-u110315413-bFirefox-r.css
IP 23.111.11.175:0
GET /net/StoreFront/StyleSheet/CSSHandler/StyleCommon-i8480-l38916-a38916-u110315413-bFirefox-r.css HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:54 GMT
content-type: text/css; charset=utf-8
cache-control: public, must-revalidate, max-age=2592000
expires: Sat, 15 Oct 2022 18:11:54 GMT
last-modified: Tue, 01 Jan 1980 08:00:00 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/CommonPresentation/StyleSheet/jQuery/jquery-ui-1.12.1.min.css
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/CommonPresentation/StyleSheet/jQuery/jquery-ui-1.12.1.min.css
IP 23.111.11.175:0
GET /net/CommonPresentation/StyleSheet/jQuery/jquery-ui-1.12.1.min.css HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: text/css
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:50:26 GMT
last-modified: Thu, 17 Mar 2022 20:47:22 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/tedu/images/populateHiddenFields_01.js?v=4
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/tedu/images/populateHiddenFields_01.js?v=4
IP 23.111.11.175:0
GET /tedu/images/populateHiddenFields_01.js?v=4 HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/javascript
cache-control: public,must-revalidate,max-age=2592000
last-modified: Tue, 27 Jul 2021 14:10:13 GMT
etag: W/"9955f71df182d71:0"
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/scripts/combined/F62C4374010538.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/scripts/combined/F62C4374010538.js
IP 23.111.11.175:0
GET /net/scripts/combined/F62C4374010538.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Thu, 06 Oct 2022 12:39:50 GMT
last-modified: Sun, 04 Sep 2022 08:35:24 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/StoreFront/JavaScript/jquery.elevateZoom-2.5.5.min.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/StoreFront/JavaScript/jquery.elevateZoom-2.5.5.min.js
IP 23.111.11.175:0
GET /net/StoreFront/JavaScript/jquery.elevateZoom-2.5.5.min.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:50:26 GMT
last-modified: Fri, 01 Jun 2018 17:08:29 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/StoreFront/JavaScript/modernizr.custom.17475.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/StoreFront/JavaScript/modernizr.custom.17475.js
IP 23.111.11.175:0
GET /net/StoreFront/JavaScript/modernizr.custom.17475.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:50:26 GMT
last-modified: Thu, 27 Aug 2020 14:27:33 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/CombineScriptsHandler!vx3Qm7cYs98pGbiptVYAYXh0wCbfr79v24C4MJ3dVnFU1!b.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/CombineScriptsHandler!vx3Qm7cYs98pGbiptVYAYXh0wCbfr79v24C4MJ3dVnFU1!b.js
IP 23.111.11.175:0
GET /net/CombineScriptsHandler!vx3Qm7cYs98pGbiptVYAYXh0wCbfr79v24C4MJ3dVnFU1!b.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:40:40 GMT
last-modified: Tue, 01 Jan 1980 08:00:00 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.nexternal.com/net/scripts/act/WebForms.js
23.111.11.175200 OK 0 B URL HTTP/2 cdn.nexternal.com/net/scripts/act/WebForms.js
IP 23.111.11.175:0
GET /net/scripts/act/WebForms.js HTTP/1.1
Host: cdn.nexternal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.thinkedu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:11:53 GMT
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=2592000
expires: Fri, 14 Oct 2022 21:45:18 GMT
last-modified: Thu, 10 Oct 2013 17:57:34 GMT
x-frame-options: SAMEORIGIN
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2