Overview

URL c1.applicationgrabb.com/?step_id=1&installer_id=2855205737230047377&publisher_id=2606&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=8335587448226971034&external_id=0&session_id=9615859151959696159&hardware_id=14515253311944759031&product_name=converted+file&amp=&amp=&amp=&amp=&amp=&filesize=2.3&product_title=ListenToYouTube.com&installer_file_name=converted+file&product_file_name=converted+file.mp3&product_download_url=srv51.li&igno=&ignore_downloader=1&reffer=http://www.listentoyoutube.com/
IP173.239.5.6
ASNWEBAIR-INTERNET
Location United States
Report completed2022-09-19 19:52:07 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-19 2 applicationgrabb.com/ Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (47)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS dressmykidno-i05.mycdn.no (4) 0 2021-10-21 11:10:08 UTC 2022-09-19 09:00:10 UTC 143.204.55.13 Unknown ranking
mnemonic passive DNS wapi.lipscore.com (11) 318267 2018-02-11 13:12:58 UTC 2022-09-19 19:52:02 UTC 151.101.86.217
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-19 04:28:44 UTC 23.36.77.32
mnemonic passive DNS c1.applicationgrabb.com (2) 0 2014-05-22 11:18:43 UTC 2022-09-19 13:02:58 UTC 173.239.5.6 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-19 19:46:33 UTC 93.184.220.29
mnemonic passive DNS clever-redirect.com (1) 0 2021-02-09 06:24:33 UTC 2022-09-19 16:24:39 UTC 78.46.197.88 Unknown ranking
mnemonic passive DNS balor-ghn.com (3) 0 2022-08-26 15:31:19 UTC 2022-09-19 04:26:37 UTC 34.194.66.161 Unknown ranking
mnemonic passive DNS dressmykidno-i04.mycdn.no (7) 0 2021-10-21 11:10:08 UTC 2022-09-19 09:00:10 UTC 143.204.55.13 Unknown ranking
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-19 11:41:45 UTC 142.250.74.164
mnemonic passive DNS applicationgrabb.com (2) 0 2014-05-22 11:18:43 UTC 2022-09-18 15:58:54 UTC 173.239.5.6 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-19 14:09:37 UTC 34.120.237.76
mnemonic passive DNS api.kelkoogroup.net (1) 468795 2020-06-09 04:00:09 UTC 2022-09-19 16:24:05 UTC 143.204.55.95
mnemonic passive DNS s.kk-resources.com (1) 38577 2018-08-25 06:32:23 UTC 2022-09-19 16:24:06 UTC 143.204.55.7
mnemonic passive DNS s.kelkoogroup.net (1) 316265 2017-09-04 13:00:28 UTC 2022-09-19 12:25:42 UTC 185.60.164.26
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-19 04:28:17 UTC 142.251.1.154
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-19 15:19:04 UTC 142.250.74.10
mnemonic passive DNS events.crall.io (1) 0 2017-03-27 06:07:57 UTC 2022-09-19 19:52:02 UTC 54.247.142.14 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-19 04:39:15 UTC 52.41.253.170
mnemonic passive DNS api.yadore.com (1) 591567 2019-01-11 04:50:54 UTC 2022-09-19 16:24:04 UTC 88.99.112.6
mnemonic passive DNS status.thawte.com (2) 5123 2017-11-27 12:33:51 UTC 2022-09-19 05:06:21 UTC 93.184.220.29
mnemonic passive DNS js.hcaptcha.com (1) 23463 2021-07-30 11:51:37 UTC 2022-09-19 15:42:37 UTC 104.16.168.131
mnemonic passive DNS dressmykidno-i01.mycdn.no (3) 0 2021-10-21 11:10:07 UTC 2022-09-19 09:00:10 UTC 143.204.55.13 Unknown ranking
mnemonic passive DNS dressmykidno-i02.mycdn.no (1) 0 2021-10-21 11:10:07 UTC 2022-09-19 09:00:10 UTC 143.204.55.13 Unknown ranking
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-09-19 04:30:37 UTC 157.240.200.14
mnemonic passive DNS app.crall.io (3) 0 2017-03-27 06:22:17 UTC 2022-09-19 07:05:34 UTC 34.253.80.175 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-19 04:30:26 UTC 34.117.237.239
mnemonic passive DNS ocsp.usertrust.com (1) 899 2012-05-21 15:43:18 UTC 2022-09-19 08:48:37 UTC 104.18.32.68
mnemonic passive DNS www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-09-19 11:30:25 UTC 142.250.74.174
mnemonic passive DNS www.googletagmanager.com (3) 75 2012-12-25 14:52:06 UTC 2022-09-19 04:27:30 UTC 142.250.74.72
mnemonic passive DNS dressmykidno-i03.mycdn.no (2) 0 2021-10-21 11:10:07 UTC 2022-09-19 19:52:02 UTC 143.204.55.13 Unknown ranking
mnemonic passive DNS x.klarnacdn.net (1) 8025 2018-10-18 16:58:49 UTC 2022-09-19 18:25:14 UTC 54.230.111.46
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-09-19 05:10:35 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
mnemonic passive DNS dressmykid.no (1) 0 2015-10-23 04:58:58 UTC 2022-08-17 14:04:51 UTC 46.30.215.191 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (14) 175 2017-06-14 07:23:31 UTC 2022-09-19 04:27:19 UTC 142.250.74.3
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.118
mnemonic passive DNS api2.crall.io (1) 0 2021-10-23 09:48:45 UTC 2022-09-19 19:52:02 UTC 52.16.6.39 Unknown ranking
mnemonic passive DNS api-js.datadome.co (1) 8155 2017-10-11 14:14:56 UTC 2022-09-19 06:53:05 UTC 13.51.3.189
mnemonic passive DNS www.dressmykid.no (25) 0 2017-01-22 03:54:54 UTC 2022-09-19 09:00:08 UTC 52.17.124.116 Unknown ranking
mnemonic passive DNS cdn.crall.io (9) 0 2020-04-21 09:08:43 UTC 2022-09-19 07:05:34 UTC 54.230.111.87 Unknown ranking
mnemonic passive DNS static.lipscore.com (4) 483894 2015-01-29 15:18:57 UTC 2022-09-19 07:05:34 UTC 54.230.111.53
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-19 17:59:09 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-19 04:39:15 UTC 143.204.55.49
mnemonic passive DNS lookandfind.me (2) 35702 2021-03-08 12:58:51 UTC 2022-09-19 16:24:39 UTC 157.90.169.168
mnemonic passive DNS dd.kelkoogroup.net (1) 0 2022-06-24 10:22:42 UTC 2022-09-19 12:25:40 UTC 54.230.111.104 Domain (kelkoogroup.net) ranked at: 79339
mnemonic passive DNS pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-09-19 18:22:07 UTC 216.58.207.194
mnemonic passive DNS no-go.kelkoogroup.net (5) 0 2017-10-30 14:27:38 UTC 2022-09-19 17:07:42 UTC 95.211.116.27 Domain (kelkoogroup.net) ranked at: 79339
mnemonic passive DNS fonts.gstatic.com (5) 0 2014-08-29 13:43:22 UTC 2022-09-19 04:27:25 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 173.239.5.6

Date UQ / IDS / BL URL IP
2022-12-06 04:06:39 +0000
0 - 0 - 2 www.cumdose.com/handjob-videos.php&p=100&b=1 173.239.5.6
2022-12-05 01:08:45 +0000
0 - 0 - 4 www.spdoodles.com/ 173.239.5.6
2022-12-02 01:52:59 +0000
0 - 0 - 2 uk.userwww.pcukhgdn8yr.firedmeupppzs.com/557 173.239.5.6
2022-12-02 01:34:33 +0000
0 - 0 - 6 moivepk.a5zhukao.com/jdd 173.239.5.6
2022-12-01 10:55:29 +0000
0 - 0 - 3 ozangurer.net/ 173.239.5.6

Last 5 reports on ASN: WEBAIR-INTERNET

Date UQ / IDS / BL URL IP
2022-12-06 18:42:14 +0000
0 - 0 - 1 discoversams.com/optiext/optiextension.dll?id (...) 74.206.228.78
2022-12-06 16:32:17 +0000
0 - 0 - 2 173.239.8.164/bvgsi.com/?t=16a13d8cbeec55ba3c (...) 173.239.8.164
2022-12-06 04:06:39 +0000
0 - 0 - 2 www.cumdose.com/handjob-videos.php&p=100&b=1 173.239.5.6
2022-12-05 19:51:39 +0000
0 - 0 - 5 www.ozangurer.net/ 74.206.228.78
2022-12-05 16:58:45 +0000
0 - 0 - 3 discoversams.com/optiext/optiextension.dll?id (...) 173.239.8.164

Last 5 reports on domain: applicationgrabb.com

Date UQ / IDS / BL URL IP
2022-11-12 23:10:04 +0000
1 - 0 - 1 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.8.164
2022-11-08 09:56:29 +0000
0 - 0 - 4 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.5.6
2022-11-08 04:37:13 +0000
0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 74.206.228.78
2022-11-08 04:07:07 +0000
0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 74.206.228.78
2022-11-06 13:29:43 +0000
0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.8.164

No other reports with similar screenshot



JavaScript

Executed Scripts (70)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (154)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10727
Expires: Mon, 19 Sep 2022 22:50:42 GMT
Date: Mon, 19 Sep 2022 19:51:55 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 19:12:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Yp-JBgobi-R1WoUBad90vJ6HNOIG5XlzGVTeGeXiTtZQRg-wPfX0kA==
Age: 2347


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nG2upPa75WFxuInaS-rDkHNV0lsojQzUW_Lyc9QiLbdg3lvxb5X2Jg==
age: 55002
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /?step_id=1&installer_id=2855205737230047377&publisher_id=2606&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=8335587448226971034&external_id=0&session_id=9615859151959696159&hardware_id=14515253311944759031&product_name=converted+file&amp=&amp=&amp=&amp=&amp=&filesize=2.3&product_title=ListenToYouTube.com&installer_file_name=converted+file&product_file_name=converted+file.mp3&product_download_url=http://srv51.li&igno=&ignore_downloader=1&reffer=http://www.listentoyoutube.com/ HTTP/1.1 
Host: c1.applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         173.239.5.6
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
                                        
Server: nginx/1.20.1
Date: Mon, 19 Sep 2022 19:51:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   251
Md5:    8af508c68367fa252150433d59391636
Sha1:   ef0db24a657b533ba77ab3f5cf112663b9ce4599
Sha256: b7537f7e96b8d2fbb56a69c57570f5b02e42aeb15e4a77987be33377076d5651
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 19 Sep 2022 19:51:55 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: c1.applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1.applicationgrabb.com/?step_id=1&installer_id=2855205737230047377&publisher_id=2606&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=8335587448226971034&external_id=0&session_id=9615859151959696159&hardware_id=14515253311944759031&product_name=converted+file&amp=&amp=&amp=&amp=&amp=&filesize=2.3&product_title=ListenToYouTube.com&installer_file_name=converted+file&product_file_name=converted+file.mp3&product_download_url=http://srv51.li&igno=&ignore_downloader=1&reffer=http://www.listentoyoutube.com/

                                         
                                         173.239.5.6
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.20.1
Date: Mon, 19 Sep 2022 19:51:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    4dda89292ffda632595d8e4040ef07c8
Sha1:   55c26cf87340555b3c09ba932bbabfc066a8d0ea
Sha256: 2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 19:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 19:28:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nvt6-RmaOKyK6ujDAOwpHhrDxk5pOiulBhFIbOy2DCN5jOuovyQdZg==
Age: 2914


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2674
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:51:56 GMT
Last-Modified: Mon, 19 Sep 2022 19:07:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HJWxBiW1S6d5xFcfbIWxhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.41.253.170
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DTm2lqw/3ZrUN4sA98IxRPeWLXA=

                                        
                                            POST / HTTP/1.1 
Host: applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://c1.applicationgrabb.com
Connection: keep-alive
Referer: http://c1.applicationgrabb.com/
Upgrade-Insecure-Requests: 1

                                         
                                         173.239.5.6
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
                                        
Server: nginx/1.20.1
Date: Mon, 19 Sep 2022 19:51:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6NjQsInRzIjoxNjYzNjE3MTE3LCJoYXNoIjoiYWY0YjE2YjIifQ==;Expires=Mon, 19-Sep-2022 20:51:57 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   246
Md5:    a87e9316e932bb72a5df6170800fc422
Sha1:   4dd8d95771ba6dbf1cf54eff5e2bc6b2633bdc3a
Sha256: 262fd4b244b9a18a0eb77f3ffd0ee50eb610016e4ee6e764a364e6d3ff71a8a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zcvisitor/84130245-3854-11ed-8de3-0a46f6c5025b/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=4fb4e190-e7f9-11ec-be3c-128084d1ce51 HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://applicationgrabb.com/
Upgrade-Insecure-Requests: 1

                                         
                                         34.194.66.161
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Mon, 19 Sep 2022 19:51:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: wvnCNKeV


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    7e718afe6e9727870e7fa9e11608fa5e
Sha1:   30a57860feaf9a16028a3634d969901c8414f301
Sha256: de579c1b4d3b12d44270625414ccaa1aec6eba06c33c683cef05c13b2243fedd
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://applicationgrabb.com/
Connection: keep-alive
Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6NjQsInRzIjoxNjYzNjE3MTE3LCJoYXNoIjoiYWY0YjE2YjIifQ==

                                         
                                         173.239.5.6
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.20.1
Date: Mon, 19 Sep 2022 19:51:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    4dda89292ffda632595d8e4040ef07c8
Sha1:   55c26cf87340555b3c09ba932bbabfc066a8d0ea
Sha256: 2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
                                        
                                            GET /zcredirect?visitid=84130245-3854-11ed-8de3-0a46f6c5025b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balor-ghn.com/zcvisitor/84130245-3854-11ed-8de3-0a46f6c5025b/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=4fb4e190-e7f9-11ec-be3c-128084d1ce51
Upgrade-Insecure-Requests: 1

                                         
                                         34.194.66.161
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Mon, 19 Sep 2022 19:51:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: MFAzHrjx


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   362
Md5:    dd4fbea87127d627705239dbd81b985e
Sha1:   e749c535e326cabaaf979887a26b7da1301cae3a
Sha256: 1c5672e8b7c05b6c5face7189806c87c4fbcf0436534a053d3faf2fc5fbafa96
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0244BBA7DA8B160A94526880934CE9023B12DFAE082218CFF0B5E59F16D140"
Last-Modified: Mon, 19 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2578
Expires: Mon, 19 Sep 2022 20:34:55 GMT
Date: Mon, 19 Sep 2022 19:51:57 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balor-ghn.com/zcredirect?visitid=84130245-3854-11ed-8de3-0a46f6c5025b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         34.194.66.161
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Mon, 19 Sep 2022 19:51:57 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: IKEFVACr


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /s/r6?s=623619497&s2=cramoisy-sardine&s3=uniform-daw-1dx9w462zx HTTP/1.1 
Host: clever-redirect.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balor-ghn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         78.46.197.88
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
referrer-policy: no-referrer
x-powered-by: PHP/7.4.27
set-cookie: e8063af5120f4a860e0137ca880d74aa=0187de8a5dee990bd4cec840a4226b8652fa64b899554e4f5a2b90183db8c940a%3A2%3A%7Bi%3A0%3Bs%3A32%3A%22e8063af5120f4a860e0137ca880d74aa%22%3Bi%3A1%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 20-Sep-2022 19:51:57 GMT; Max-Age=86400; path=/; HttpOnly
content-length: 356
date: Mon, 19 Sep 2022 19:51:57 GMT
server: Apache/2.4.52 (codeit) OpenSSL/1.1.1m PHP/7.4.27
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (356), with no line terminators
Size:   356
Md5:    5711b7d5e08f7a5502791540cc2f735c
Sha1:   0581b724c4a926bffb81013c393710b7985ff4d9
Sha256: 37069e3d92b9797057f50d17c20b39bb7f802bacfc60236914583c3bc5b80a13
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8449
Expires: Mon, 19 Sep 2022 22:12:46 GMT
Date: Mon, 19 Sep 2022 19:51:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8449
Expires: Mon, 19 Sep 2022 22:12:46 GMT
Date: Mon, 19 Sep 2022 19:51:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8449
Expires: Mon, 19 Sep 2022 22:12:46 GMT
Date: Mon, 19 Sep 2022 19:51:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E9A20FC16F777A8AC0E22FDE47B463DB1D551AB2257733E64B921980F15E1F8"
Last-Modified: Sun, 18 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=91
Expires: Mon, 19 Sep 2022 19:53:28 GMT
Date: Mon, 19 Sep 2022 19:51:57 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:43 GMT
age: 79214
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5866
Md5:    1105b56cf779b6df1cbd081bbd0cda50
Sha1:   58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
Sha256: 10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 01:08:23 GMT
age: 67414
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10894
Md5:    d3e70b2859ca89b353682d03f6b46b93
Sha1:   ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
Sha256: 43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RWcHVQkq3COqcWuVRgOdpVDi7VFrdjpu4q-NU0D3iod1B58xF4K_Yw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:55 GMT
age: 79202
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5064
Md5:    e4098577adb98eae5ba4a8b5e143df71
Sha1:   b0ad467f2837d103f8a96fb732bd34176c4c7110
Sha256: 83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd6067cf-6392-4f3a-8543-a3861c83d1cd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9093
x-amzn-requestid: 29c7788f-27e9-4823-8cba-ebf4ef9ea7ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5tjEvsoAMFrtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cbc-37b8d7930503d507592bf728;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:31:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -hhkLqfURsIBwgNHxoMM002WynFjq5WJ62bNRbXhFxH6dbmZD7zm2g==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 22:10:51 GMT
age: 78066
etag: "04063797f76518668fdd9a5d5a86c7637eac43b8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9093
Md5:    5ae5a7fc19cf9601753b147621cb9f8c
Sha1:   04063797f76518668fdd9a5d5a86c7637eac43b8
Sha256: b1c659363aa69139a03aab9a6d76800b3568ccf5201f02e1ea864e2bff70d3a7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11919
x-amzn-requestid: b04884f3-149d-4750-876b-8e8762f0f2a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfzrHKMoAMFlfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6321467d-5852e5ef280580b8569b548f;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:11:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vaJ_7zKaGiXZh4VtTlLZCOFpi7bz9tpKRbsvRDJ4En-E93sREYnz5w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 05:49:41 GMT
age: 50536
etag: "786c333cf08456aea446a55c547520572e1c2df9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11919
Md5:    f003d8b6e12692fb16dddd6827deead8
Sha1:   786c333cf08456aea446a55c547520572e1c2df9
Sha256: d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb78000d2-f83e-44e6-b5dd-092b2c37f6b8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4807
x-amzn-requestid: 9fdca623-dc65-4b51-9b40-15049a21b986
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5tlFNeIAMFblg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cbd-285bbc7b1d5cf53a0e4aee0c;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:31:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CY-m1MIG3c7tAi5RB6Oh_Fm_k2eLSRD7rFefVfaFlV6iYPvZfVzEvQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:48:04 GMT
age: 79433
etag: "915155faf27fad10373d5e282621af5c2eba0c17"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4807
Md5:    a533c29caf29ac5348a4443278d5c52c
Sha1:   915155faf27fad10373d5e282621af5c2eba0c17
Sha256: eaa82b2d158d5f8c8a91a13cbce276aa8e2a9adabaa5a7d81e1155e3334ca27d
                                        
                                            GET /s/a?t=10&f=1&u=f4bdb01fc36e3f720c2a963a770625c6&m=dressmykid.no&s1=623619497&s2=cramoisy-sardine&s3=uniform-daw-1dx9w462zx&s5=cf HTTP/1.1 
Host: lookandfind.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         157.90.169.168
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
referrer-policy: strict-origin-when-cross-origin
x-powered-by: PHP/7.4.30
set-cookie: 0a8e48e2f8f6472ae39b2530bfb3cc5f=d81cd82c167af7bd506f432795458c61621462ca5c23a7c4ef6dc302112b881da%3A2%3A%7Bi%3A0%3Bs%3A32%3A%220a8e48e2f8f6472ae39b2530bfb3cc5f%22%3Bi%3A1%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 20-Sep-2022 19:51:57 GMT; Max-Age=86399; path=/; HttpOnly
content-length: 616
date: Mon, 19 Sep 2022 19:51:57 GMT
server: Apache/2.4.54 (codeit) OpenSSL/1.1.1q+quic PHP/7.4.30
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (616), with no line terminators
Size:   616
Md5:    870db3e2f304adf2b328721ee146787e
Sha1:   b14c24dea463e63495cdc43175d652591d7a4b33
Sha256: e0c274c586a134a5b05c50750b4ba1b58f959c12351b68f2d3ae40f54a8e58cc
                                        
                                            GET /s/r?u=https%3A%2F%2Fapi.yadore.com%2Fv2%2Fr%2Fdeeplink%3Fe%3DckMvelhTczdSS040T0JIaEQrSHcvdFFNSXNZTFNqbERqaHRaNzU1RE9PWXg0VE95NUtXVVNSOGtOKzF4ZVZBMnhBcDRDZzluVlZLa2lRRHhhUXNIWWhtRVdhQ3E4bm10YkEzT1MwbUJjSjc5S3hlQkdVWCthZTVXWlpsMGg5Q2YrK2RTTTdyNk1QanRIV29Gb3J5cExVVTZ0dkxOZ2V2RU1pMTF1QzhSZ0E3TUNuND0%3D%26i%3DPamgcPPHfvAAhp4N%26placementId%3D385da78dcf38d4eab8cb82bb71d4f053&h=e88c62cf9f9e4cbe45c97d8bd20d5f80 HTTP/1.1 
Host: lookandfind.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 0a8e48e2f8f6472ae39b2530bfb3cc5f=d81cd82c167af7bd506f432795458c61621462ca5c23a7c4ef6dc302112b881da%3A2%3A%7Bi%3A0%3Bs%3A32%3A%220a8e48e2f8f6472ae39b2530bfb3cc5f%22%3Bi%3A1%3Bs%3A1%3A%221%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         157.90.169.168
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
referrer-policy: strict-origin-when-cross-origin
x-powered-by: PHP/7.4.30
content-length: 544
date: Mon, 19 Sep 2022 19:51:58 GMT
server: Apache/2.4.54 (codeit) OpenSSL/1.1.1q+quic PHP/7.4.30
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (544), with no line terminators
Size:   544
Md5:    68828384dceaaba2f7490b4b7b496c54
Sha1:   eaab15559fc017d2cb7920086fd8409c8c4630e2
Sha256: 1a60be3be4fd5bd9b3798a6a698dfbe079bd46e5bed6f561a217d4671ac860c9
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "285E3C7E02599D3B578BA1BD004EB1E851118F27C418A066814741C12B6BF7A2"
Last-Modified: Sun, 18 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6236
Expires: Mon, 19 Sep 2022 21:35:54 GMT
Date: Mon, 19 Sep 2022 19:51:58 GMT
Connection: keep-alive

                                        
                                            GET /v2/r/deeplink?e=ckMvelhTczdSS040T0JIaEQrSHcvdFFNSXNZTFNqbERqaHRaNzU1RE9PWXg0VE95NUtXVVNSOGtOKzF4ZVZBMnhBcDRDZzluVlZLa2lRRHhhUXNIWWhtRVdhQ3E4bm10YkEzT1MwbUJjSjc5S3hlQkdVWCthZTVXWlpsMGg5Q2YrK2RTTTdyNk1QanRIV29Gb3J5cExVVTZ0dkxOZ2V2RU1pMTF1QzhSZ0E3TUNuND0=&i=PamgcPPHfvAAhp4N&placementId=385da78dcf38d4eab8cb82bb71d4f053 HTTP/1.1 
Host: api.yadore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lookandfind.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         88.99.112.6
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Mon, 19 Sep 2022 19:51:58 GMT
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fdressmykid.no%2F&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b&custom2=SRdytlITOR16&custom3=false
server: nginx
x-powered-by: PHP/8.0.20
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fdressmykid.no%2F&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b&custom2=SRdytlITOR16&custom3=false HTTP/1.1 
Host: api.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lookandfind.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.95
HTTP/2 302 Found
                                        
content-length: 0
location: https://no-go.kelkoogroup.net/ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b
x-gravitee-transaction-id: 94eda328-d9b9-4fe4-ada3-28d9b90fe436
x-gravitee-request-id: 94eda328-d9b9-4fe4-ada3-28d9b90fe436
vary: Origin
request-time: 740
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Mon, 19 Sep 2022 19:51:59 GMT
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cqzPWberdsoY0u01XIJy5J7Vwi16jCqTOs5RVL4vh2UgpyblLHlXaw==
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4334
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:51:59 GMT
Last-Modified: Mon, 19 Sep 2022 18:39:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b HTTP/1.1 
Host: no-go.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lookandfind.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         95.211.116.27
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 19 Sep 2022 19:51:59 GMT
leadId: dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267
clickId: 107698149_1663617119491_490655
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
X-DataDome: protected
Request-Time: PT0.01297S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: ALLOWALL
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Length: 31438
Set-Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; Max-Age=31536000; Expires=Tue, 19 Sep 2023 19:51:59 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure kelkooID=a4c6295-183574eb503-2140e; Max-Age=31536000; Expires=Tue, 19 Sep 2023 19:51:59 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=82
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12978)
Size:   31438
Md5:    6091b4a306e11096399270c0f676d2b7
Sha1:   00072cf595716cd5f5d4eca053f0b7fbee9acd98
Sha256: fbc079fa014366ded5f14220e49d438fbf31a273d260471d501b6ac5aad4a898
                                        
                                            GET /assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef2462604217b87f2c7c7f987a4a92228878dd99620335e1095c741d539784fd5ed86e1a3970a663761faab7eaec9c108795e5eb29929d830b0877a18b5e8c4bfe7aec6a58150e8b4d3b737849e24ffc90d6c53819cafde3445f1959fc6da61a1351491482c1915eea7ba3d034c03e1264d2a143c6b73ac6c1acce561d07b9320b2ff1b00905dfb421b60226bd052f6ac6463847e304048aae5d436361a91f89a4a6ff9ed69967c44c492b3fc81fb893e1d73e4a1cdb68a0458662029d15454d0f72c5612a9d1f8db99451b43b3cd5b425d12a4bfc314a1a25f40292287addc8146a603d80bf78ccf832bd2c531cb6225b6ff6dc3e1e197d11a7eecb245e224f3dded4bdd3896e685434c6ee4dda0c6f41e29e67800&leadId=dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267&clickId=107698149_1663617119491_490655 HTTP/1.1 
Host: no-go.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b
Connection: keep-alive
Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; kelkooID=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.116.27
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 19 Sep 2022 19:51:59 GMT
Request-Time: PT0.001596S
X-Robots-Tag: noindex,nofollow
Cache-Control: private, must-revalidate
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: ALLOWALL
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Length: 68
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    91e42db1c66c0b276abf6234dc50b2eb
Sha1:   c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
Sha256: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
                                        
                                            POST /fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef2462604217b87f2c7c7f987a4a92228878dd99620335e1095c741d539784fd5ed86e1a3970a663761faab7eaec9c108795e5eb29929d830b0877a18b5e8c4bfe7aec6a58150e8b4d3b737849e24ffc90d6c53819cafde3445f1959fc6da61a1351491482c1915eea7ba3d034c03e1264d2a143c6b73ac6c1acce561d07b9320b2ff1b00905dfb421b60226bd052f6ac6463847e304048aae5d436361a91f89a4a6ff9ed69967c44c492b3fc81fb893e1d73e4a1cdb68a0458662029d15454d0f72c5612a9d1f8db99451b43b3cd5b425d12a4bfc314a1a25f40292287addc8146a603d80bf78ccf832bd2c531cb6225b6ff6dc3e1e197d11a7eecb245e224f3dded4bdd3896e685434c6ee4dda0c6f41e29e67800&leadId=dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267&clickId=107698149_1663617119491_490655 HTTP/1.1 
Host: no-go.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b
Content-Type: text/plain;charset=utf-8
Content-Length: 520
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; kelkooID=a4c6295-183574eb503-2140e; _ga=GA1.2.1884155965.1663617099; _gid=GA1.2.1849823945.1663617099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.116.27
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
                                        
Date: Mon, 19 Sep 2022 19:51:59 GMT
Request-Time: PT0.002637S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: ALLOWALL
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Length: 0
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=75
Connection: Keep-Alive

                                        
                                            GET /tags.js HTTP/1.1 
Host: dd.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/
Connection: keep-alive
Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; kelkooID=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         54.230.111.104
HTTP/2 200 OK
content-type: text/javascript
                                        
content-length: 42506
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains; preload
last-modified: Thu, 08 Sep 2022 07:49:28 GMT
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
via: 1.1 109c7a7f1cf897851e09b16d3030a948.cloudfront.net (CloudFront), 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
date: Mon, 19 Sep 2022 19:50:00 GMT
cache-control: max-age=3600, public
expires: Mon, 19 Sep 2022 20:49:58 GMT
etag: "32ef7-5e825ab48f67d-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2, OSL50-P1
x-amz-cf-id: vgGFUHs3cqmHXWukFsVlWghrBmocn2OBJirCdGOknuPWI4ub6DNLIw==
age: 121
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65432)
Size:   42506
Md5:    7150acd408b7e8d6c917ecfcfbe47050
Sha1:   cb61fa84f12b95b9be19e8fb351231e393d72dfa
Sha256: f2e8c6d5e71cff0727daf02501140f20ed2980b52a4b9f7db037efbd674a0854
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: no-go.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b
Connection: keep-alive
Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; kelkooID=a4c6295-183574eb503-2140e; _ga=GA1.2.1884155965.1663617099; _gid=GA1.2.1849823945.1663617099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.116.27
HTTP/1.0 403 Forbidden
                                        
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

                                        
                                            GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef2462604217b87f2c7c7f987a4a92228878dd99620335e1095c741d539784fd5ed86e1a3970a663761faab7eaec9c108795e5eb29929d830b0877a18b5e8c4bfe7aec6a58150e8b4d3b737849e24ffc90d6c53819cafde3445f1959fc6da61a1351491482c1915eea7ba3d034c03e1264d2a143c6b73ac6c1acce561d07b9320b2ff1b00905dfb421b60226bd052f6ac6463847e304048aae5d436361a91f89a4a6ff9ed69967c44c492b3fc81fb893e1d73e4a1cdb68a0458662029d15454d0f72c5612a9d1f8db99451b43b3cd5b425d12a4bfc314a1a25f40292287addc8146a603d80bf78ccf832bd2c531cb6225b6ff6dc3e1e197d11a7eecb245e224f3dded4bdd3896e685434c6ee4dda0c6f41e29e67800&leadId=dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267&clickId=107698149_1663617119491_490655&url=https%3A%2F%2Fdressmykid.no%2F%3Fkk%3Da4c6295-183574eb503-2140e%26utm_campaign%3Dkelkooclick%26utm_medium%3Dcpc%26utm_source%3Dkelkoono HTTP/1.1 
Host: no-go.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/ctl/go/merchantGo?.ts=1663617119322&.sig=WkJkmY3iWUGgW0U_z_r7lFTMupo-&affiliationId=96965886&comId=16238513&country=no&cpcId=461373&merchantName=DressMyKid.no&searchId=1076100361024_1663617118585_1783979&service=30&url=https%3A%2F%2Fdressmykid.no%2F&custom2=SRdytlITOR16&custom3=false&custom1=f5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b
Connection: keep-alive
Cookie: datadome=rT6Ibjh1Xg3uddNlDh~7EJ~V3w9OGbayLjM-ZChQMcYYm0Ocg0Z.bVfMT3aETnaAhbwB6xUdElbhACv7v5ui.Ccjd1OW2PF_0VhB.oZhi9FoDl.rySepzJPWnDx65WT; kelkooID=a4c6295-183574eb503-2140e; _ga=GA1.2.1884155965.1663617099; _gid=GA1.2.1849823945.1663617099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         95.211.116.27
HTTP/1.1 303 See Other
Content-Type: text/plain
                                        
Date: Mon, 19 Sep 2022 19:51:59 GMT
leadId: dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267
clickId: 107698149_1663617119491_490655
country: no
Location: https://dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
X-DataDome: protected
Request-Time: PT0.011963S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: ALLOWALL
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Content-Length: 0
Set-Cookie: datadome=tikX6khWkiyezK22t6myqsIRh.tHPELnQ5s9UyRihlYv6Rgft4Yx.C2.RZr2roh4XLoxpcS0DoN83sIcg63nYH_hIeZ~yQKm7vtxzxT.~ztdEXO_5F4HmZtiSN~9KWy; Max-Age=31536000; Expires=Tue, 19 Sep 2023 19:51:59 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
P3P: CP="Anything"
ApacheTracking: localhost
Keep-Alive: timeout=40, max=98
Connection: Keep-Alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:51:59 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 08:56:58 GMT
Expires: Fri, 23 Sep 2022 08:56:57 GMT
Etag: "911fef79fa2a83cddbe3e77212331c2fe371ed0b"
Cache-Control: max-age=603132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 490
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d4dbf6fb1c0b49-OSL

                                        
                                            POST /js/ HTTP/1.1 
Host: api-js.datadome.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 4157
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         13.51.3.189
HTTP/2 200 OK
content-type: application/json;charset=utf-8
                                        
date: Mon, 19 Sep 2022 19:51:59 GMT
content-length: 236
server: DataDome
access-control-allow-origin: *
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   236
Md5:    ed83b29abc4fee42f195e6530003cfb7
Sha1:   d77ab254a8327a56fec2247edde008c352919d50
Sha256: 58ef45cc1732ad3d5977d0cfbb2dffae416a8310b3bc71aa6b9865698712516d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3C3ABF3F6A42511A5DFBF3DFE1EC880634764C0ABB77269114D8835C2D82B97C"
Last-Modified: Sun, 18 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21501
Expires: Tue, 20 Sep 2022 01:50:21 GMT
Date: Mon, 19 Sep 2022 19:52:00 GMT
Connection: keep-alive

                                        
                                            GET /?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono HTTP/1.1 
Host: dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         46.30.215.191
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
cache-control: max-age:600, public
content-length: 257
expires: Mon, 19 Sep 2022 20:02:00 GMT
last-modified: Mon, 19 Sep 2022 19:52:00 GMT
location: http://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
date: Mon, 19 Sep 2022 19:52:00 GMT
x-varnish: 86348368
age: 0
via: 1.1 webcache2 (Varnish/trunk)
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   257
Md5:    1ef357663b7ec010bf9d88f8936c2686
Sha1:   01261d6d01d8b93be28debb426be29853e151162
Sha256: 7c7e84baa3114f87f416d3da11be20c7603c9523b20249b6e53deea7b3600eda
                                        
                                            GET /?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         52.17.124.116
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Mon, 19 Sep 2022 19:52:00 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2Fctl%2Fgo%2FmerchantGo%3F.ts%3D1663617119322%26.sig%3DWkJkmY3iWUGgW0U_z_r7lFTMupo-%26affiliationId%3D96965886%26comId%3D16238513%26country%3Dno%26cpcId%3D461373%26merchantName%3DDressMyKid.no%26searchId%3D1076100361024_1663617118585_1783979%26service%3D30%26url%3Dhttps%253A%252F%252Fdressmykid.no%252F%26custom2%3DSRdytlITOR16%26custom3%3Dfalse%26custom1%3Df5bfa0f9fd3eb49352026011291fc46ca27dd63d96bc0da44835e3b39756cc4b&dr=https%3A%2F%2Flookandfind.me%2F&dp=%2F96965886%7C16238513%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20DressMyKid.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1884155965.1663617099&tid=UA-168544891-6&_gid=1849823945.1663617099&_r=1&cd1=96965886&cd2=dc1-kls-prod-ls-01.prod.dc1.kelkoo.net_1663617119493_217267&cd3=16238513&cd4=a4c6295-183574eb503-2140e&cd5=&cd6=96965886%7C16238513%7C&z=1602471527 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: image/gif
                                        
access-control-allow-origin: https://no-go.kelkoogroup.net
date: Mon, 19 Sep 2022 19:52:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/modules/consent.js HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 118
last-modified: Mon, 19 Sep 2022 08:40:27 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   118
Md5:    171b8d59519749a8516bbcba8848ecfe
Sha1:   b8579c351da813cfcc7a1d62361da1ec84c7accb
Sha256: d7d034adaa578b9a749cc7b61eca30c1b64f20a8fdeb11c6d176bed640229538
                                        
                                            GET /users/themeamerica_mystore_no/templates/america/local/local_jquery.js?version=1662367267&v2&host=dressmykidno_mystore_no HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 30196
last-modified: Tue, 27 Oct 2020 12:15:30 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058), with CRLF line terminators
Size:   30196
Md5:    fa4c766f3f87efacfd97f602b1cdb5ba
Sha1:   d9fe6809b6633b1382732dbfa33cb6f32a512525
Sha256: 5661fb7492c8431443dcbec3c3e61d532186f9ebc87b07287edaee48571a9ba9
                                        
                                            GET /css/modules/consent.css HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 2670
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ISO-8859 text
Size:   2670
Md5:    69a4a27623a803708cc608444a94fc03
Sha1:   ed098e532cd26ef60bee4879f771b6b29675a6a3
Sha256: 8118ec59500378053b26ff124f7813c063f8da267ea6a1f8427af963a020216d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /leadtag.js HTTP/1.1 
Host: s.kk-resources.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.7
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Content-Length: 2595
Connection: keep-alive
X-Gravitee-Transaction-Id: 3b4219e0-c412-420c-8219-e0c412320c20
X-Gravitee-Request-Id: 3b4219e0-c412-420c-8219-e0c412320c20
ETag: "05e089e0c08fd98ee6b4f6497ec87752b123fc2f"
Request-Time: 5
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Tue, 12 Jul 2022 13:51:05 GMT
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 19:32:12 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZTkM4S-b8rZvpwG_aF8taEze4wBLmNBtrWwaZhDIsmeemsLyrMGmPA==
Age: 1189


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (6910)
Size:   2595
Md5:    b9c7aa9898d0e7b5d8dfa27c81eda1ac
Sha1:   3e22a4f4ac1fd469128de60e1a80433513242071
Sha256: 980531f0a81016e3a7a4c3fa56f75e7b791f1f4c09296992221bd766b91a53a0
                                        
                                            GET /users/themeamerica_mystore_no/templates/america/local/local_css.css?version=a1662367267&host=dressmykidno_mystore_no HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 41460
last-modified: Tue, 18 Jan 2022 06:51:33 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   41460
Md5:    59787ac5f7ebcc68e8639a09baee82f2
Sha1:   57e142385b3927b031f2b1b4bf61a7d28d2f0ade
Sha256: a7cd7d0459efa2b6b59bd0612a97a2463976b883ad1936a13bff4a742ee6cabb
                                        
                                            GET /users/dressmykidno_mystore_no/templates/custom_javascript.js?v=1663617120 HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 4116
last-modified: Mon, 11 Apr 2022 18:15:39 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ISO-8859 text, with very long lines (933), with CRLF line terminators
Size:   4116
Md5:    3f79401b9c195cf12e5d0c27aa755215
Sha1:   e1935712aa2dc8d6f15c64d4c991c63e6ba20bb0
Sha256: 110dbc8013b55879d9fc2593b7160b118fb75fd831c7fc38a32a2ba1173b71a5
                                        
                                            GET /users/dressmykidno_mystore_no/logo/Header07.08.183.jpg HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 9902
last-modified: Sun, 08 Jul 2018 12:45:23 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 95", baseline, precision 8, 256x100, components 3\012- data
Size:   9902
Md5:    1d4c3ab712b3c636587ca85ce419259f
Sha1:   125fbd45da501d496c229e22b2e5833cbba2ba5b
Sha256: 65f8dc1da0aa52d6c01068c3d66aa2cf0baeb1da6caee4105fb0a2027504a6c9
                                        
                                            GET /?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/html; charset=iso-8859-1
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
x-frame-options: SAMEORIGIN
set-cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   66745
Md5:    0c30f4cf5b6f068505ddc98a46adf9f6
Sha1:   27c97165e1251ee0220a51d9e06c48204d1105d8
Sha256: e6541418678a2a72d89ab0acb95aa58e1d047da452147cb2855264ca1c544b96
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/aK79X_Kivat_Kivat_knutepanneb_nd_til_barn__st_vros_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 24790
last-modified: Mon, 11 Apr 2022 13:38:16 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 09:30:13 GMT
etag: "ec105949563cadc5284028a57fcb3603"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9Z5bRdvdHBqnKJqWixeJmdXZP3dcsYqQQ5y96y6ARK6ADk23TuVKGg==
age: 37309
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   24790
Md5:    ec105949563cadc5284028a57fcb3603
Sha1:   1ec55d5cd506ad124d9f9a145045a50726f2c745
Sha256: f162a54450d15ed6dc9bb29f7557fdba4bdcfc2c52d687450833b67e2a7f1162
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/upload_16620380606310b02c8aaaa.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 24058
last-modified: Thu, 01 Sep 2022 13:14:23 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 10:34:48 GMT
etag: "d62e39472bbf26444990c14d96a4bdd2"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Tjyw3c1v42KNVoOKUWlM71AWihb2fQx3MRI0_5kmGWSo6UNTCwKyUA==
age: 33434
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   24058
Md5:    d62e39472bbf26444990c14d96a4bdd2
Sha1:   6a9ecd9bf39f2f64a0bb1db1b700ad8cfaf7bfe9
Sha256: c0a09def264a41ee4d80873b8e8c21e175b7cc6dfe7bd5fbab28f4217a0d2a97
                                        
                                            GET /users/themeamerica_mystore_no/Image/loading.gif HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 925
last-modified: Fri, 30 Oct 2020 08:17:40 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size:   925
Md5:    1ff7f4e281e119b09fd668c1470b4c5e
Sha1:   127755a00c8d748c7f3433fd3d3478d5d2360648
Sha256: 166dd79bd94954ba9df9b96f459f9921726925cf382ce1434736030bacc309db
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/98164_Fila_Fila_Radia_Trackpants_til_dame__keepsak_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 5010
date: Mon, 19 Sep 2022 12:05:02 GMT
last-modified: Mon, 11 Apr 2022 15:48:58 GMT
etag: "5e3cf9a106669f5a8306fa21273b74ab"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -YV-eZY1WqKlK2HB6mXe0LpD-UllipXxPJBMKw_T0feanVe6nmL7Rg==
age: 28020
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   5010
Md5:    5e3cf9a106669f5a8306fa21273b74ab
Sha1:   3fb1591b0042c2f8b248cccbf869e53418c45455
Sha256: a67cfb207ca9420afc87a6fc8833be76c266ca7cb8f9bb522f36c9f5ef4d522d
                                        
                                            GET /css/instagram/owl.carousel.min.css HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 1069
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3184)
Size:   1069
Md5:    d4aee9ab003194f1613781284ff38ccf
Sha1:   8c2c8a616aebf21aca3ccf2fb28b906205570815
Sha256: ac1266d52dde4e5a3d122e2196a3230e3db7684e01420b1973b82f5065ee5551
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/35168_Gullkorn_Design_Gullkorn_Design_Moss_bukse___1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 7914
last-modified: Mon, 11 Apr 2022 13:55:01 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 17:44:00 GMT
etag: "85e70839f5157df9837691a3d10db491"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lhPFdkTQi3J-WJEEN_Tf_N0YpJJ05odyCLSzDnpUWJPmPDImTRUl_w==
age: 7682
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   7914
Md5:    85e70839f5157df9837691a3d10db491
Sha1:   79a6d3c3f571509e171ace37ff2e8ccb733a7a4d
Sha256: 494b37d389455a0bc9518b5dd8937b95ff823ba5192904b2b17ae155ca007640
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/21450_Hummel_Hummel_Frankie_joggebukse_til_barn__C_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 8280
date: Mon, 19 Sep 2022 02:53:31 GMT
last-modified: Mon, 11 Apr 2022 13:20:50 GMT
etag: "5f4a5999959b3249633a861a06e6c0fd"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vyX6Me09FFlMtnuCw9e6U75G215hyPW5cLIwTTe-CkQHqy6wsvxIPw==
age: 61111
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   8280
Md5:    5f4a5999959b3249633a861a06e6c0fd
Sha1:   9061f077907ee396e1d8c63919d5c7af875bd02e
Sha256: 48b7d9de669a26006134a93f681c4b6899fbc7773e7e61cc85632d5e3a5b7ba3
                                        
                                            GET /js/instagram/owl.carousel.min.js HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 11091
last-modified: Mon, 19 Sep 2022 08:40:27 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32035)
Size:   11091
Md5:    e011b6d01955569b6eb148c0f941b6cc
Sha1:   79b9758ce82a47359b0f9ffd03a5bd5c84f58523
Sha256: a5de155e479ae1bfb924f0b90d62a3f36ebce666e2ebece633247e3f9d9dd604
                                        
                                            GET /gtag/js?id=UA-31278684-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:52:01 GMT
expires: Mon, 19 Sep 2022 19:52:01 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42361
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   42361
Md5:    2dfc5e0b46769208e8e47e01662cf863
Sha1:   fcbd97128cc4684056f7c8d1a5d2c89cae152aa5
Sha256: 18f8781064d6cd7870bb3e308bf684594bf0cb9049b94012d2ae39664245af3b
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/upload_16620380866310b0467f2ff.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i05.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 39228
last-modified: Thu, 01 Sep 2022 13:14:50 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 04:22:34 GMT
etag: "355de45d4225d8aac4af617a4581bf4c"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SanGzP5C3C8O78AituJw7A3LX9ckYMnNCXIeVjTQbpWZe3sCKCVgnA==
age: 55768
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   39228
Md5:    355de45d4225d8aac4af617a4581bf4c
Sha1:   1da32cfb0f766d53c1e867efa0c95544b6c03c81
Sha256: 93ae423ae8d661c07563476125939c4834d2cd23d8b37a2bcc209e697912d7eb
                                        
                                            GET /users/themeamerica_mystore_no/templates/america/local/local_css_footer.css?version=a1662367267&host=dressmykidno_mystore_no HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 13631
last-modified: Thu, 11 Mar 2021 08:55:16 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   13631
Md5:    6fc22fd2f79a286f970b69512272f174
Sha1:   bee19b6a2af4e686eef7a85e670c58712e190a35
Sha256: 6eec6f1313211a4cae29cfc95407646676f57d26fbb592e3b94fb705e5119c2a
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/mTo9W_Gant_Gant_Archive_shield_hettegenser__Dry_sa_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i05.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 13338
date: Mon, 19 Sep 2022 11:42:05 GMT
last-modified: Mon, 11 Apr 2022 13:19:04 GMT
etag: "49b438dd966c3bd4f7bcd23a1993db0a"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fNrraoel1G3o30N5siQfsnFUxemzWyi5iyDBjrpoofBZrsTlUJGSqg==
age: 29397
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   13338
Md5:    49b438dd966c3bd4f7bcd23a1993db0a
Sha1:   a3fe27d89858dfc670a6c665eedc6e75998364f8
Sha256: 2fb162c6885c5ebc329903ff87a903a984031852644e8ee03a78633bacae61f6
                                        
                                            GET /includes/languages/norwegian/images/icon.gif HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 878
last-modified: Mon, 19 Sep 2022 08:40:27 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 87a, 24 x 15\012- data
Size:   878
Md5:    b76acef15318ccd859064c7393ac2732
Sha1:   71b308fd48d6cb704e7ff6c57fffa6fc193cc6d1
Sha256: 53cac29f92a900eaa9c9d687b01e9358562906b6a086aab60c60b482faf4d085
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/87803_Hummel_Hummel_Due_hettegenser_til_barn__Airy_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i01.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 12740
date: Sun, 18 Sep 2022 20:48:30 GMT
last-modified: Mon, 11 Apr 2022 15:27:07 GMT
etag: "49ea3101943835af1b2d8928872786fb"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _6VfVv9s6SNxzg3jUu9jOqkBwnALHltNR2vkTiz3tvC02ItyQFLohQ==
age: 83012
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   12740
Md5:    49ea3101943835af1b2d8928872786fb
Sha1:   d56744431771dd389f904dfa350d39c1a80af0af
Sha256: 5b14907f642c1280eacd1d8ac8b98ebccaf75c01c467de4e01a4cae0f2a3f5c0
                                        
                                            GET /js/customer_club.js?v=4 HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 2762
last-modified: Mon, 19 Sep 2022 08:40:27 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ISO-8859 text
Size:   2762
Md5:    d9c34b0161b32211331ee5dc619121da
Sha1:   0b9f450e3769e3e833ffc8118245292f7a2f4bb1
Sha256: 3dd3271b8b23f423fb9b2676d90a3b13bed48058e10830f2c0b6422bb52c5033
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/VGUuc_Hust_Claire_bambus_Hust___Claire_Bonita_body_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i01.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 77020
last-modified: Mon, 11 Apr 2022 14:01:31 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 02:50:46 GMT
etag: "311e53874b7d7fa5f9d39b9cc8831aee"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bQAsfxcYwrYE9tJfXTAKne055Ewjmh01K-_RHU9LX3dAxpljKrZTMw==
age: 61276
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   77020
Md5:    311e53874b7d7fa5f9d39b9cc8831aee
Sha1:   592775ae35acbd1f4afdd85f3b9bf98d239d22ce
Sha256: c35b5f695bf7d6c26acff347b1b836530af19aef58dab76a8c16a3df53422f13
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/04867_Hust_Claire_Hust___Claire_Faust_sl_yfe_til_b_1.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i02.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 8294
last-modified: Mon, 11 Apr 2022 13:29:33 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 16:21:20 GMT
etag: "e124f57f1f085c75d1b88c24e4965c5c"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Vwkr-3PSlZLaplwHtkC_yYi4FgmL4PguhbsnQSuEjqDAUqCw1Z2DHg==
age: 12642
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   8294
Md5:    e124f57f1f085c75d1b88c24e4965c5c
Sha1:   9d94d31c04e80f7e559746a9e5990a41f8f661e5
Sha256: 5de33fa9323ebd1f7249abd54018f10d07b54779f5708d0f56e14edca380b732
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/upload_16620381636310b0933af45.webp/w600h600.webp HTTP/1.1 
Host: dressmykidno-i01.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 34084
last-modified: Thu, 01 Sep 2022 13:16:08 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 02:45:11 GMT
etag: "877e77000239d250ee9e94041e63be25"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qJnUXJjfEdf8WokBbDcmFU_anIGXl9TIyCEbdSlN5RXNSjZpKhR25g==
age: 63675
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 600x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   34084
Md5:    877e77000239d250ee9e94041e63be25
Sha1:   c14b4138e77eec852797da4a498b74252cc45b97
Sha256: f0e6056a6c85d61ef82a53efbdaf77d1bbe4aaa0b5a346b6d1115e916a51606a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3479
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:01 GMT
Last-Modified: Mon, 19 Sep 2022 18:54:02 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /gtm.js?id=GTM-MC2CVRK HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:52:01 GMT
expires: Mon, 19 Sep 2022 19:52:01 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 39068
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   39068
Md5:    d67571024dd0a11a5104c386a218919b
Sha1:   17fa8f9bb9528a6db50f4562423bfb2af99215ae
Sha256: 626262bc5dd01a06fb76c7e5ce7060fc6e4e52bbb8a3d1e9b39268bd4258998c
                                        
                                            GET /gtag/js?id=AW-833441087 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:52:01 GMT
expires: Mon, 19 Sep 2022 19:52:01 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46532
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   46532
Md5:    a7d45c7c1d120f42e0587a1974bf4f24
Sha1:   1c9ab2159c7c401d8e27e0a515b6f67fc0311512
Sha256: 00d315f3ab0ca305050d058b00ca1892b705baf697c3d8772c093f42a48dbe1b
                                        
                                            GET /t/client.js?v=4 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 18:49:43 GMT
Server: nginx/1.10.1
Last-Modified: Mon, 12 Sep 2022 00:05:16 GMT
ETag: W/"631e77bc-2b7d1"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KR8nRXiCcKZFJEleXf-BZVfFLRQ8YjMWp8WZBZLiqEO_SGjZiD0RYA==
Age: 3738


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (47171), with NEL line terminators
Size:   51492
Md5:    f0e2432a714a5d4bc1471b7ba4e5c796
Sha1:   12b5c04a62434a840079a1795881e7ed92c5f81c
Sha256: 230dca09fad7cec0fe198ec283b32c529429d39dde564af054f5890623ca2783
                                        
                                            GET /w/widgets.js?v=4 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Last-Modified: Wed, 07 Sep 2022 08:23:34 GMT
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 19:51:28 GMT
ETag: W/"63185506-1c401"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kPIP1Fx4wUM1nHYzoM7jNYbLJqt0kFviZb9_nVvkhgo6BKHPVCWcdA==
Age: 33


--- Additional Info ---
Magic:  ASCII text, with very long lines (34286)
Size:   30772
Md5:    e131b82ce8fc10362d29adcb908a2e75
Sha1:   c72c5c6c2597d40b5e057efdc03233df3590a020
Sha256: 44a90f91ec8f01d5bee9741427c912a42be281c1d3a19e99a95d44dbc15941d0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /fonts/Roboto/Roboto-Regular.ttf HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/css/modules/consent.css
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: application/font-sfnt
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 168260
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size:   168260
Md5:    f36638c2135b71e5a623dca52b611173
Sha1:   84d102488738b0ebbc7a5087973effbd54c95bd5
Sha256: 319cff6e7a31f0f2a41c475dca42890aa5d19fe16017e2290f8c1d4e14f76481
                                        
                                            GET /assets/no/lipscore-v1.js HTTP/1.1 
Host: static.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 69041
Connection: keep-alive
Date: Mon, 19 Sep 2022 09:41:57 GMT
Last-Modified: Mon, 19 Sep 2022 09:38:25 GMT
ETag: "25b5fc084af7bff4283260836e5257d2"
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VF3ndwZ7Es6jzN0J5xT7biD_hivx-_rNsKl3k6gDt6tR9_gghKAOdQ==
Age: 36605


--- Additional Info ---
Magic:  ASCII text, with very long lines (589)
Size:   69041
Md5:    25b5fc084af7bff4283260836e5257d2
Sha1:   716f65a71ce759940c323302be7b64111cc65d39
Sha256: 835e5e67557f8c5a184f6604d7fab2ec50b206366902bcb357c3829f6b9deb19
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3479
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:01 GMT
Last-Modified: Mon, 19 Sep 2022 18:54:02 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4336
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:01 GMT
Last-Modified: Mon, 19 Sep 2022 18:39:46 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/api.js?hl=no HTTP/1.1 
Host: js.hcaptcha.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.168.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 19 Sep 2022 19:52:01 GMT
cf-ray: 74d4dc009b97b4eb-OSL
age: 0
cache-control: max-age=120
etag: W/"84729783ded6e9166650d2e40d1556b2"
last-modified: Thu, 11 Aug 2022 21:59:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: 10g5RVqLpYkU0aa-3kxGh5TDyliupy3A-DXslF07tUxdkEnx8Zz81g==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   81283
Md5:    675b5d1d6ac6366f7c67fd5594386751
Sha1:   4a64373de7ee1a0ec6ee7d58d10c5611248646f8
Sha256: fa6f3c4e01b7490824f231ed3a8433e754e0c83c9c960c931888b5ac54294149
                                        
                                            GET /users/dressmykidno_mystore_no/templates/custom_stylesheet.css?v=1663617120 HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 1738
last-modified: Mon, 11 Apr 2022 17:25:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1738
Md5:    544645cd6a9afcb9e2b350ec8676ab3c
Sha1:   53e9e02e52dfd744afd7f23c274c48cd987ecc71
Sha256: 840af66433440a7b5ede9ea9d4462c806bc3dd5174cba7da21d0c7a88296be99
                                        
                                            GET /bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 6081
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26548)
Size:   6081
Md5:    0438a5f21083130bac2b1004274c1657
Sha1:   d4139da20c143a9cbca0071e29664d0a0e0f434a
Sha256: 990af156e4c6c322a9123c5df748b507db0e1c7f46bd357969ccca17481be1d0
                                        
                                            GET /templates/america/css/fa5/fontawesome-all.css HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 9234
last-modified: Mon, 19 Sep 2022 08:40:28 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:01 GMT
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (427)
Size:   9234
Md5:    a9321fd627517f6b13d19274252ae625
Sha1:   9a303b0ff581f7edbb25aad6822a2154cb416908
Sha256: 7768ea0f4aa1c6ce47ba29b132617746f86de5312873c715ca87937827d97c27
                                        
                                            GET /t/crallchat.css?v=3 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 19:27:28 GMT
Server: nginx/1.10.1
Last-Modified: Wed, 07 Sep 2022 08:23:34 GMT
ETag: W/"63185506-6527"
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9jTbHOr_CYRXp5UmWnaqXXXp31qKK5GI1hTPy2rP74_FBFGqPbbOng==
Age: 1473


--- Additional Info ---
Magic:  ASCII text, with very long lines (25895)
Size:   5829
Md5:    329e54d7e213ca1fb9027b2f087a644d
Sha1:   13f9250344488829244c5decb0e30eed9345a324
Sha256: d15c1a2ca5368d0f3f41257611b76dceea5b7992f7005280236d4c2257096b0b
                                        
                                            OPTIONS /k.gif HTTP/1.1 
Host: s.kelkoogroup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: etag
Referer: https://www.dressmykid.no/
Origin: https://www.dressmykid.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         185.60.164.26
HTTP/1.1 200 OK
                                        
X-Gravitee-Transaction-Id: 3debb596-d150-4581-abb5-96d1504581b4
X-Gravitee-Request-Id: 3debb596-d150-4581-abb5-96d1504581b4
Vary: Origin
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: https://www.dressmykid.no
Access-Control-Allow-Headers: etag
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 0

                                        
                                            GET /ajax.php?ajaxfunc=consent HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: text/html; charset=iso-8859-1
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 3025
x-frame-options: SAMEORIGIN
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ISO-8859 text, with very long lines (484)
Size:   3025
Md5:    08ae544be8f44c2bcf4234de6a9ac7dd
Sha1:   07f8b068682101d79b9850116ea524d0fe0fb2f6
Sha256: 84c9e447c956ec9aaf21732e14e3dfbe153d42caf32e6f20d6da60d25e648600
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/upload_1662705985631ae1419d753.webp/w1920h780.webp HTTP/1.1 
Host: dressmykidno-i05.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 107806
last-modified: Fri, 09 Sep 2022 06:46:36 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 13:06:44 GMT
etag: "25341f158f74fdfed4313c5412229ec8"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QckuuCXc37Y5bUuo8ioI3vbu7slor0VM-34ocN1ahnd59VGAUFZT9w==
age: 24318
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    f837aa60b6fe83458f790db60d529fc9
Sha1:   14af87ccec7f81bb28d53c84da2fd5a9d5925cda
Sha256: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
                                        
                                            GET /assets/lipscore-v1.css HTTP/1.1 
Host: static.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.53
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 11547
Connection: keep-alive
Date: Mon, 19 Sep 2022 09:41:57 GMT
Last-Modified: Mon, 19 Sep 2022 09:38:28 GMT
ETag: "9fcf4968689064e97f6f6d3f1ae21b20"
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qQP3Y6w8Fi3W1O8Y6Haus54Mhv68BmRlWuSb-gD4OxHJkOwatMeIOw==
Age: 36605


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   11547
Md5:    9fcf4968689064e97f6f6d3f1ae21b20
Sha1:   ed3d8a7c4e22e64986b0d187e62cb12ed12a3cd4
Sha256: 2f9130f19d83f3c3965b5e2dc2d29bcacbf59ebd237c9274889c4f5ef98f1f7b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 433073
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:47:56 GMT
expires: Thu, 14 Sep 2023 19:47:56 GMT
cache-control: public, max-age=31536000
age: 432245
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Size:   17368
Md5:    abe083d96b58eb02ada8b7c30d7b09f2
Sha1:   61447d66d13a8c8f4335696777a85c438c46f749
Sha256: db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:21 GMT
expires: Thu, 14 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 433060
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size:   15740
Md5:    b9c29351c46f3e8c8631c4002457f48a
Sha1:   e57e59c5780995ff2937ab2b511a769212974a87
Sha256: f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 433073
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /t/5-chunk.js?t=1653173656187 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 18:28:22 GMT
Server: nginx/1.10.1
Last-Modified: Mon, 12 Sep 2022 00:05:16 GMT
ETag: W/"631e77bc-667"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CgxAAsjSzsQm3imn9L78OVHNTQpNo5FnrTANnjMNImVmERgmRkhYJA==
Age: 5019


--- Additional Info ---
Magic:  ASCII text, with very long lines (1639), with no line terminators
Size:   740
Md5:    3d7d03934f96ef91d98290e383a9946f
Sha1:   9dc688daf6a1c0202ff091f7ca9ba6a95c686204
Sha256: 79c1301bf01f2f96e02277ebfa19f92d6906f1ccc531994772aa4aab81f02355
                                        
                                            GET /t/4-chunk.js?t=1653173656187 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 18:32:42 GMT
Server: nginx/1.10.1
Last-Modified: Wed, 07 Sep 2022 08:23:34 GMT
ETag: W/"63185506-531"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rArsDZKGTqQhEvcjhBesaoi5s08JF8UOYYi_WLX1NYHfKEPud_ifxQ==
Age: 4759


--- Additional Info ---
Magic:  ASCII text, with very long lines (1329), with no line terminators
Size:   711
Md5:    f14cef86028dfd427083d160737b7417
Sha1:   717cf713d3a03ac778a382404215d064d5f67203
Sha256: fc35f911b52218e2f1f823e4b95023df5d297ed6ee8eaaa41c62a3e96ba1ddce
                                        
                                            GET /templates/america/fonts/webfonts/fa-light-300.woff2 HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.dressmykid.no/users/themeamerica_mystore_no/templates/america/local/local_css_footer.css?version=a1662367267&host=dressmykidno_mystore_no
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e; crall_uid=1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 61500
last-modified: Mon, 19 Sep 2022 08:40:28 GMT
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 61500, version 1.0\012- data
Size:   61500
Md5:    7cc3813fd8210dc22ed2cc16891d0c6d
Sha1:   01d3ecbd600c003e34f6645a738a2453c09c4dda
Sha256: afdb7da70cadb7f081878a3df33f1634c2542cf54ac71bc0e3da76530b6e75ca
                                        
                                            GET /bower_components/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.dressmykid.no/bower_components/font-awesome/css/font-awesome.min.css
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e; crall_uid=1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 64464
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 64464, version 4.262\012- data
Size:   64464
Md5:    4b5a84aaf1c9485e060c503a0ff8cadb
Sha1:   574ea2698c03ae9477db2ea3baf460ee32f1a7ea
Sha256: 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
                                        
                                            GET /w/1-chunk.js?t=1653175411266 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Last-Modified: Wed, 07 Sep 2022 08:23:34 GMT
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 19:51:36 GMT
ETag: W/"63185506-2b5dc"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q-Z03hx8d7uoe7eJb7bQHtNBlUC21gT_B4xA61QqZbLWnwTCgP1Nug==
Age: 25


--- Additional Info ---
Magic:  ASCII text, with very long lines (62840)
Size:   48505
Md5:    f3ab4c004d002588fce2d5151b43b129
Sha1:   1daaafb8af2abce51015ff2c6c571033a13b2b3f
Sha256: b42f3f478d5920672d618ea6540e096c98e8cf04c89624c4e53ab91f827fb47e
                                        
                                            GET /w/2-chunk.js?t=1653175411266 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Last-Modified: Mon, 12 Sep 2022 00:05:16 GMT
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 19:51:39 GMT
ETag: W/"631e77bc-27ca"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: l_u8Fg2Bn3m7ZD__j8m-6Xh6IYVKTBE4PbtBAI9hhDCFWlXgujciSw==
Age: 22


--- Additional Info ---
Magic:  ASCII text, with very long lines (10186), with no line terminators
Size:   3085
Md5:    6ad66e438e17324da577d63323d6edc4
Sha1:   85a746606806f81fd917dc4e07859a59c2b4d06f
Sha256: a3167bbefa74ce13b1f4e3d13127965ccdc7558848ece6d05345379620b50d84
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:01 GMT
Last-Modified: Mon, 19 Sep 2022 19:00:29 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2mwOUPiyL3cZdye0FzDovup0dn5K0F2XHXVfvWIH9cVk6gZh1WSG-A==
Age: 3092

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:01 GMT
Last-Modified: Mon, 19 Sep 2022 19:09:56 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -jA6fX20Ld5IaicZbGbuHMshWSQAWrndNQHav_aX7JPmj_fxsdAehw==
Age: 2525

                                        
                                            GET /users/dressmykidno_mystore_no/logo/favicon0.ico HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e; crall_uid=1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:01 GMT
content-length: 99678
last-modified: Thu, 23 Jan 2020 07:19:51 GMT
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   99678
Md5:    227b8e4460f85df776871e00a4073089
Sha1:   9c3db9c14fcd26949177dc4288a20d9c62f6bd2e
Sha256: f8038e21877c020c75a5116ac33dfda27cedb8bafdfe532f55d4e9124fa9399e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3177
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:52:02 GMT
Last-Modified: Mon, 19 Sep 2022 18:59:05 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 2RBLL09cgaPH4rMJEU9ok1JTRzUneAiitfvY4N1QNWX5Nbakj/vJcPek+bbKLs2Dl6u1NFV3gjjgENC2l6XIvg==
priority: u=3,i
content-length: 26839
x-fb-trip-id: 1679558926
date: Mon, 19 Sep 2022 19:52:02 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26839
Md5:    9ecd89752214ef749272eef344b9089a
Sha1:   70a58a49c08934265ee34c74efb01d6b3124095d
Sha256: f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
                                        
                                            GET /pagead/conversion_async.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:52:02 GMT
expires: Mon, 19 Sep 2022 19:52:02 GMT
cache-control: private, max-age=3600
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1654)
Size:   15693
Md5:    890f716858b5f72587e47c5eca121cb5
Sha1:   91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
Sha256: 7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
                                        
                                            GET /dc.js HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.251.1.154
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17093
date: Mon, 19 Sep 2022 18:45:39 GMT
expires: Mon, 19 Sep 2022 20:45:39 GMT
cache-control: public, max-age=7200
age: 3983
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1305)
Size:   17093
Md5:    5f65521f6c6223e1e18cb161832bea2a
Sha1:   f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6
Sha256: 787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9
                                        
                                            OPTIONS /api/v1/visitors/1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e HTTP/1.1 
Host: app.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: account-id,content-type
Referer: https://www.dressmykid.no/
Origin: https://www.dressmykid.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.253.80.175
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 19 Sep 2022 19:52:01 GMT
server: nginx/1.10.1
x-powered-by: PHP/7.2.8-1+ubuntu16.04.1+deb.sury.org+1
cache-control: no-cache, private
access-control-allow-origin: *
access-control-max-age: 600
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE
access-control-allow-headers: Origin, X-Requested-With, user-language, Content-Type, Accept, account-id,Authorization,Authorized-account
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            GET /css?family=Roboto:300,300i,400,400i,700,700i HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 19:52:01 GMT
date: Mon, 19 Sep 2022 19:52:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10919)
Size:   3341
Md5:    ed4416d9d3b1174d94265c4cb629f3d6
Sha1:   438c651f5a6072a8ea93c8ba8c6226bffab22def
Sha256: 8947c947b038ad07749b8b5bd9915d06ad4b7ef57c3670c64f2f4c35012bec50
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 19 Sep 2022 19:52:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /t/6-chunk.js?t=1653173656187 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 19:15:53 GMT
Server: nginx/1.10.1
Last-Modified: Mon, 12 Sep 2022 00:05:16 GMT
ETag: W/"631e77bc-e1c8"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BI4JK-yU2StWiSFfA02f5fP4fflpbeecaCvVjM4FfoAQE3_CFMZ4IQ==
Age: 2169


--- Additional Info ---
Magic:  ASCII text, with very long lines (57800), with no line terminators
Size:   15598
Md5:    842de5c04a58de718363add5de8b0e7b
Sha1:   70aa03be99a9f6d3df5b8173280adf3552418077
Sha256: a9b16cc46dc27282c5da0f1fc36650877afb54a601bf9204ea21e75dfc8649ae
                                        
                                            GET /v1/recommend/11223/@cart-others-also-bought?u=1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e HTTP/1.1 
Host: api2.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.16.6.39
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 19 Sep 2022 19:52:02 GMT
content-length: 1354
access-control-allow-headers: Content-Type, Authorization
cache-control: no-cache, private
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET
apigw-requestid: YuQ_Yi4CjoEEPMw=
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- HTML document, ASCII text, with very long lines (4647), with no line terminators
Size:   1354
Md5:    5e4b734ec4327cd96a9c743d5234de31
Sha1:   79006aa9bee801b338ba7a0c54e4dd6ce94be46a
Sha256: bf4a1eceba25ebc870c082db737a7ce9998b608664ecd9b66321f988a5b749a2
                                        
                                            POST /api/v1/visitors/1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e HTTP/1.1 
Host: app.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
account-id: 11223
Content-Length: 312
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.253.80.175
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 19 Sep 2022 19:52:02 GMT
server: nginx/1.10.1
x-powered-by: PHP/7.2.8-1+ubuntu16.04.1+deb.sury.org+1
cache-control: no-cache, private
access-control-allow-origin: *
access-control-max-age: 600
access-control-allow-headers: Authorization,account-id, Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   12839
Md5:    bfac7ea7f2f5442d9fbe7370ec3d56f7
Sha1:   862a2d11c825fffbc20f991e6edbe3e9419a2348
Sha256: 6b2d3a38e1cc097bbc602baa9efae18c36729f2a326ba4d61918e9f67304bd9a
                                        
                                            GET /images/arrow-right-fal-white.png HTTP/1.1 
Host: www.dressmykid.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/?kk=a4c6295-183574eb503-2140e&utm_campaign=kelkooclick&utm_medium=cpc&utm_source=kelkoono
Cookie: digistore_custid=dcj5lce16747saur8c19e5cp34; kk_leadtag=true; kelkooId=a4c6295-183574eb503-2140e; crall_uid=1-e57cdeb3-7c31-4c0c-b08e-57d5c28a0c7e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.17.124.116
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Mon, 19 Sep 2022 19:52:02 GMT
content-length: 202
last-modified: Mon, 19 Sep 2022 08:40:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 19 Oct 2022 19:52:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   1031
Md5:    34c96a00aae7276ac5ffcaa92c464e2f
Sha1:   b4fc353c583f1367b5459a35cc351e5c0668750c
Sha256: 9bde6f903dacc193b6e110730fa7087418ba417bad84b47f1fab0af727d5d020
                                        
                                            GET /t/2-chunk.js?t=1653173656187 HTTP/1.1 
Host: cdn.crall.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.87
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 19 Sep 2022 19:10:47 GMT
Server: nginx/1.10.1
Last-Modified: Mon, 12 Sep 2022 00:05:16 GMT
ETag: W/"631e77bc-1687b"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UBB6jSMrINSbxZpsRB1OAvMYAOIYOO3VifLP36sFe3L0kFkRIz-_yA==
Age: 2475


--- Additional Info ---
Magic:  ASCII text, with very long lines (48435)
Size:   25944
Md5:    5f46855bd77047ec6961826db2afc630
Sha1:   35bd5c1d251b1651cf152c1c6ca27cf8c53eaf2d
Sha256: ed77ece8c2d789a5fb064b19b0a4db0508b0ebaa90188271138f258de7869663
                                        
                                            GET /initial_data/settings/show?api_key=bd7fffa455c12bb9e8c4f865&invitation_template_id=&lang= HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 2092d56a-1682-4c91-aabe-3ad6d85c7a46
x-runtime: 0.016913
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 971353
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617122.472022,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 8968
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (8968), with no line terminators
Size:   8968
Md5:    e7a7fcde2bb719355995f5cba1a22456
Sha1:   4e54570361d292dc4f29d8312c548822a37e7b53
Sha256: 65629f94b7ac647104bc39401e98502739c963408241536c47cfa2657dc6776d
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/6feHl_Reima_Reima_Parvin_ulldress_baby_og_barn__Th_1.jpg/w500h500.jpg HTTP/1.1 
Host: dressmykidno-i05.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 14310
date: Mon, 19 Sep 2022 13:01:49 GMT
last-modified: Thu, 15 Sep 2022 14:11:56 GMT
etag: "d69cac45f39cc088540d63d818cedd7f"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GCBgz6jbEQ8aTkCx3JCfvt_-gfbQq558KGvIAfB1JCIfP8L0nw95bA==
age: 24614
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 500x500, components 3\012- data
Size:   14310
Md5:    d69cac45f39cc088540d63d818cedd7f
Sha1:   6ced8bdadab9e53043564284a3df5b5246f49ce9
Sha256: 9363d67e67bc0ea1936e388b008265a6f3fae083924083cd89fad2b2f4a265f7
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/qheUA_Reima_Reima_Parvin_ulldress_baby_og_barn__Pa_1.jpg/w500h500.jpg HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 12513
last-modified: Thu, 15 Sep 2022 15:11:13 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 08:36:06 GMT
etag: "59aba5ebc3636d69ab770f93718b2542"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yQhCgtRjvfSuQIGBHk3M462MIFo620TLTv7NYPLksRBn60RrjUnbxQ==
age: 40557
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 500x500, components 3\012- data
Size:   12513
Md5:    59aba5ebc3636d69ab770f93718b2542
Sha1:   360b5289ec99e7f4d6bdbb945eeb0b8301317132
Sha256: e154efe8b41e3e0c90cbce7dec3f50d067a1cb20afb41e316fd579770753bdc4
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/EmYXG_Reima_Reima_Parvin_ulldress_baby_og_barn__Ci_1.jpg/w500h500.jpg HTTP/1.1 
Host: dressmykidno-i04.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 15023
last-modified: Fri, 02 Sep 2022 10:06:50 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 18:24:26 GMT
etag: "e11e7d90294fe1bb0079f1f83fc71942"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4NArZm_VL8G3zVYNcMwZy9lqpW6-5oQWcjMzD48V0bjg7X3ewK5Leg==
age: 5257
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 500x500, components 3\012- data
Size:   15023
Md5:    e11e7d90294fe1bb0079f1f83fc71942
Sha1:   9256a4de4eba3b2e131d2784f9dcb171a7fc1281
Sha256: 7e12249730806eedeaf8a3d959a81f7f3025cd68490df88c786f620a0f0cf91a
                                        
                                            GET /hit?api_key=bd7fffa455c12bb9e8c4f865 HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.217
HTTP/2 200 OK
                                        
server: Varnish
retry-after: 0
access-control-allow-credentials: true
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
via: 1.1 varnish
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1663617122.476207,VS0,VE0
access-control-allow-origin: https://www.dressmykid.no
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/uQbMw_Reima_Reima_Parvin_ulldress_baby_og_barn__Me_1.jpg/w500h500.jpg HTTP/1.1 
Host: dressmykidno-i03.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 21398
last-modified: Fri, 02 Sep 2022 10:06:50 GMT
server: AmazonS3
date: Mon, 19 Sep 2022 19:21:51 GMT
etag: "51bc8a0f62309d73c21adcafed5bcb08"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dgHcrA40umSHPPNKM--uKrU8JBoqMpANMNu2WJOcDua1DiSoG-mUjg==
age: 1812
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 500x500, components 3\012- data
Size:   21398
Md5:    51bc8a0f62309d73c21adcafed5bcb08
Sha1:   0867268c5e8abc3b091fe6bef8273a31bc62fa1d
Sha256: e2bd0809407f1802b4dca2bf5da1a1c01e6702732153b548627647a22a55499e
                                        
                                            GET /mysimgprod/dressmykidno_mystore_no/images/AbhDJ_Reima_Reima_Parvin_ulldress_baby_og_barn__Li_1.jpg/w500h500.jpg HTTP/1.1 
Host: dressmykidno-i03.mycdn.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.13
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 16488
date: Mon, 19 Sep 2022 08:36:06 GMT
last-modified: Thu, 15 Sep 2022 14:11:56 GMT
etag: "dd095153f9015ce1ba7a1a0bc9ba36f1"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nnZlcvv4nP4v9_OLEOhPdWvP0OYM7EFRvdeDrRnKYl0AKiQVtqQ7fw==
age: 40557
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 500x500, components 3\012- data
Size:   16488
Md5:    dd095153f9015ce1ba7a1a0bc9ba36f1
Sha1:   31e2b9eadff6913a0131c9e2115fd8d0a0645a92
Sha256: 4852943a24328ff765992c3a333f6718731ccdc48e70d6daf587da6d0b1ba228
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=11827&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 0998c8b5-abd7-4d70-a485-8798661aa8ec
x-runtime: 0.018272
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 268572
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.545669,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    423fcafd052f31967ebd720487e567f1
Sha1:   ff5e889875c1afb310c6f852ae0b093cf3069aa5
Sha256: 32caed3dff32db21d1758631cc193e09c057d8094ad964089562ad4a4982066b
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=11114&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: c2dcbe12-6c3e-4c02-9855-a949c59e58fd
x-runtime: 0.043628
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 1177149
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.548074,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   2921
Md5:    4296a46bbed43852a38081f579acdee3
Sha1:   ed40b102e0f4bf9c71c471b68623fa6b366a7a51
Sha256: d27be085dfe0b638d4e2de7216dcb8686dcd3ca87ab218e860f2ca702870d656
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=10293&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: b328ce72-c581-4eec-ad28-caee8ef3cc4b
x-runtime: 0.025255
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 546810
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.549632,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    4a7654650dd3fa8de294039f8d80e547
Sha1:   f451a65854ff8ed567fc8b21952d088728a44b86
Sha256: 03dff15c200e51afff4f06a0b1357622179b6a5012e8bc200ad696c305e220b6
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=11810&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 8b2451ec-7ec6-4498-9074-ca682b4bc2fa
x-runtime: 0.039046
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 1178663
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.550969,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    84c80874869cd0f7875274c6ff1dbceb
Sha1:   71e744deed731fbd30f2f6b66a53248c46d07f02
Sha256: d19bce1b09f0a57f8c1777f2709972421b6d15b2a061763c366112f80e606af7
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=11315&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 55374c23-a60d-4b14-8d5a-955387a89078
x-runtime: 0.028223
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 560218
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.553058,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   535
Md5:    ffc6a6853787d9310f49bd5f2eda6f18
Sha1:   2ea6641618c919a0ca5c3e94610bb770376b2493
Sha256: be302956a48713d0e962af5c829d944557b99a2f5f494160391fa215ccaf488c
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=12185&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 8373c36e-9f42-42c2-919e-11d9e1d9ae34
x-runtime: 0.019234
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 462642
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.553760,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    6238b862257b295ad18ed48178578dd2
Sha1:   c730abffbb79c78be27fdb751f5543976c389a4c
Sha256: b51cd2bf7c21ab1ac62f050f9386d877a4a3e7cd9f381b02cd476729dcbd1381
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=10848&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: 63c53d5c-e0db-4815-9efe-95cf63744992
x-runtime: 0.061648
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 1176841
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.554702,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    484f07c6ed2a9684e5a7af5b45492c90
Sha1:   a71a4b141520a77cd9045994dd7c3070d1231b64
Sha256: 4124ec655dab9fe09a5088ecf5bc7e04b5270d80bd8e6b83ec6d8b05b3cfc7a0
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=11356&widgets=r_sm&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: cf956c64-13fc-4464-bbfe-4b3ff6e0a696
x-runtime: 0.023806
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 293862
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.555811,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 71
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   71
Md5:    9ed46b6c60aee5adff1a7348c65dd013
Sha1:   38ccddc505eade96da3f5d0eb7aff8b144a09230
Sha256: 24e7dab66755246efb9bab17b2aa6150c96447235b55565155586753500d4604
                                        
                                            GET /initial_data/products/show?api_key=bd7fffa455c12bb9e8c4f865&internal_id=service_review&widgets=srw_t&translate_to_lang=no HTTP/1.1 
Host: wapi.lipscore.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dressmykid.no
Connection: keep-alive
Referer: https://www.dressmykid.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: Cowboy
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
access-control-expose-headers: X-Pagination
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-credentials: true
access-control-allow-headers: X-Http-Method-Override
cache-control: public, no-cache
x-request-id: b19d95a6-1c07-49a3-9636-d30dd91126d4
x-runtime: 0.077603
via: 1.1 vegur, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:52:02 GMT
age: 27154
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663617123.556478,VS0,VE1
vary: Origin
access-control-allow-origin: https://www.dressmykid.no
content-length: 1757
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (1735), with no line terminators
Size:   1757
Md5:    968cbceea1ce9e7098fab90b399421a0
Sha1:   eecf5c79c39fb9d022f895077fc9c8c3deed9722
Sha256: 91d6496885ae9aa0899cb7f3bbce15b6904ca4d2d8b136b3e2aa84de66a0a751
                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dressmykid.no