Report - skybox.in.ua/intercepting+slutty+stepdaughter+fiona+frost?srsltid=AfmBOopKZjvo66e3TGQQZ4YjUbftgw-nvThtXiNSBORZVqKg7-gb0HGc

Report Overview

Visited public
2025-02-08 19:40:54
Tags
Submit Tags
URL
skybox.in.ua/intercepting+slutty+stepdaughter+fiona+frost?srsltid=AfmBOopKZjvo66e3TGQQZ4YjUbftgw-nvThtXiNSBORZVqKg7-gb0HGc
Finishing URL
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
IP / ASN
193.233.203.246
#200019 Alexhost Srl
Title
Denne 18 år gamle gutten kjøpte et nytt hus til far sin etter å tjent titalls millioner kroner hjemmefra! – VG

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.vg.no	117853	2011-06-10	2012-05-23	2025-02-01	2.3 kB	210 kB	195.88.55.16
hoksomuptak.net	unknown	2024-10-10	2024-10-10	2025-02-05	7.8 kB	60 kB	139.45.197.122
skybox.in.ua	unknown	2025-02-06	2019-12-14	2024-03-05	588 B	367 B	193.233.203.246
sea.onlyfuns.win	unknown	2022-02-05	2023-09-16	2025-02-02	590 B	1.1 kB	104.21.112.1
reasonable-source.com	unknown	2024-08-16	2024-08-31	2025-01-30	2.5 kB	236 kB	88.85.68.219
labydoneit.com	unknown	2024-08-01	2025-01-24	2025-02-01	602 B	2.0 kB	54.240.174.35
wqiflbl8sskhlbk73t0la69a.cooknove.com	unknown	2024-02-26	2025-02-08	2025-02-08	34 kB	1.8 MB	104.21.16.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed
2025-02-08	medium	hoksomuptak.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	unknown	DomTimer	2.4 kB	2024-08-03	2025-06-25
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-03 21:24 Last Seen2025-06-25 16:04 Times Seen73 Hash c03d5f2e4c3ba22fcacb509122df4707 21ad43e05bba8b07e4d1c8acf852ff8db497b61b 970aaa75d6cb46d36f325d86e61bea56024d2cdd2e9b4aceab33f7149c25192c Loading...

	unknown	EventHandler	86 B	2024-03-12	2025-07-02
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-03-12 07:06 Last Seen2025-07-02 07:12 Times Seen126 Hash 61898bc8bf5a314ee405260c9adb4481 5a73834b21b9b9384537f5ad9e56c448bdd164d5 0629e12aba2eda65c829f1891bc5a4f1a042b87ba5d205d5fd89f1cbf37210f6 Loading...

	hoksomuptak.net/850/66175/mw.min.js?z=7868393&sw=/sw-check-permissions-9de81.js	ScriptElement	5.5 kB	2025-02-06	2025-02-10
Pretty URL hoksomuptak.net/850/66175/mw.min.js?z=7868393&sw=/sw-check-permissions-9de81.js IP 139.45.197.122 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-06 21:18 Last Seen2025-02-10 12:03 Times Seen27 Hash ee4f0175050b2c8dfe8e621c8c5a3674 bc2017b34535fe1c09f5129b23a8eedfbc19d233 aa4acabe508ddf23c31765d8b1b93590a4bf1635a35cd2fe2dfcda0eed806f34 Loading...

	wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8	ScriptElement	522 B	2025-01-21	2025-04-22
Pretty URL wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-21 15:07 Last Seen2025-04-22 07:27 Times Seen66 Hash 68777da316d3e1b043f7dbed1c40198b c0c5484327bcb928ad22691babe312e5bed9dbfd 3b9431f48846fc4eea335b248cfd37792143688e1e496fea14dcfcb1c9b4c1e9 Loading...

	wqiflbl8sskhlbk73t0la69a.cooknove.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-07-13
Pretty URL wqiflbl8sskhlbk73t0la69a.cooknove.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 04:44 Times Seen89856 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	wqiflbl8sskhlbk73t0la69a.cooknove.com/push-include.js	ScriptElement	1.4 kB	2024-12-21	2025-03-07
Pretty URL wqiflbl8sskhlbk73t0la69a.cooknove.com/push-include.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-21 07:13 Last Seen2025-03-07 07:38 Times Seen147 Hash 99d2d9ecbc6dae8cd43ebca13b19e708 4065ce46fec7bde106a4d3327499d7aed237ef8a ddc77ef42fec337992db8dd91d0e0f5c18ea97656b53bd2120e3203d1e4cd6bb Loading...

	unknown	ScriptElement	47 kB	2025-02-06	2025-02-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-06 21:18 Last Seen2025-02-10 12:03 Times Seen33 Hash c1614f207e9e7e5728d1cf4dcb53467f 61ab0eaef0ffae865f131b310625d9d111aa8ba8 c30225f40d0a142364937980cff819298562f09c7749a90e146550b5dbbf8e62 Loading...

HTTP Transactions (51)

URL IP Response Size

skybox.in.ua/intercepting+slutty+stepdaughter+fiona+frost?srsltid=AfmBOopKZjvo66e3TGQQZ4YjUbftgw-nvThtXiNSBORZVqKg7-gb0HGc

193.233.203.246

200 OK

169 B

URL
skybox.in.ua/intercepting+slutty+stepdaughter+fiona+frost?srsltid=AfmBOopKZjvo66e3TGQQZ4YjUbftgw-nvThtXiNSBORZVqKg7-gb0HGc
IP
193.233.203.246:0
ASN
#200019 Alexhost Srl

File type
HTML document, ASCII text, with no line terminators
Size
169 B (169 bytes)
Hash
c38f78cae527d508df855f4ef1633c14
c79ce3f2c6344f766ba0a8c125d1323cbeae4818
4962f767316609ba2ad453e1cc9a83e8313cb910da5a71875b223aa7d287d286

HTTP Headers

GET /intercepting+slutty+stepdaughter+fiona+frost?srsltid=AfmBOopKZjvo66e3TGQQZ4YjUbftgw-nvThtXiNSBORZVqKg7-gb0HGc HTTP/1.1
Host: skybox.in.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sat, 08 Feb 2025 19:40:23 GMT
set-cookie: visitor=true; Expires=Sun, 09 Feb 2025 19:40:23 GMT
content-length: 169
X-Firefox-Spdy: h2

sea.onlyfuns.win/ydt?q=intercepting+slutty+stepdaughter+fiona+frost&domain=skybox.in.ua&ref=

104.21.112.1

302 Found

0 B

URL
sea.onlyfuns.win/ydt?q=intercepting+slutty+stepdaughter+fiona+frost&domain=skybox.in.ua&ref=
IP
104.21.112.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ydt?q=intercepting+slutty+stepdaughter+fiona+frost&domain=skybox.in.ua&ref= HTTP/1.1
Host: sea.onlyfuns.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://skybox.in.ua/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 08 Feb 2025 19:40:23 GMT
content-length: 0
location: https://reasonable-source.com/bj3EVB0.Pr3Vp-vpbPm/V/J/ZFDh0O0/ObD-UmzFOmD/Y/1OLaTIQ/4/NRT/M/4/N/jKYS
set-cookie: bsi=bg_hpbBtAE2AAAAALEONVErtTYAAAAAtAGwhDYAAAAAsQ41USu1NgAAAAC0AbCzsIC2AAAAALEONVErtTU1I; Version=1; Expires=Sun, 09-Feb-2025 19:40:23 GMT; Max-Age=86400; Path=/
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqPnjwU78VsLWAuJ6N85ywNJTT10F%2BWsd3wetp0Ev8FTT9ct0qOZ2k%2FrSoM1WIH%2FZnTHEc2%2BCwicwK5Nu5OEyiapNFf6YhXJXYhJGV5Ur5xIfelwGPBDpRkkFcRB1CIK8Zwt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ee17581a12569c-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=7637&min_rtt=1453&rtt_var=12023&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3220&recv_bytes=1380&delivery_rate=1936691&cwnd=255&unsent_bytes=0&cid=e6c8714e6d2307fc&ts=87&x=0"
X-Firefox-Spdy: h2

reasonable-source.com/favicon.ico

88.85.68.219

404 Not Found

0 B

URL
reasonable-source.com/favicon.ico
IP
88.85.68.219:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: reasonable-source.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uniqCookie=646de13e1bcead581051dc599ed22361
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 08 Feb 2025 19:40:24 GMT
content-length: 0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Firefox-Spdy: h2

reasonable-source.com/bj3EVB0.Pr3Vp-vpbPm/V/J/ZFDh0O0/ObD-UmzFOmD/Y/1OLaTIQ/4/NRT/M/4/N/jKYS

88.85.68.219

200 OK

1.3 kB

URL
reasonable-source.com/bj3EVB0.Pr3Vp-vpbPm/V/J/ZFDh0O0/ObD-UmzFOmD/Y/1OLaTIQ/4/NRT/M/4/N/jKYS
IP
88.85.68.219:0
ASN
#35415 Webzilla B.V.

File type
HTML document, ASCII text, with very long lines (2113), with no line terminators
Size
1.3 kB (1257 bytes)
Hash
788972c41edb027757eb97c56acc35cb
5dae8f403e49f0530de1a82cc40366e80836a791
0bb842e8878e51df646caf8454666ae0247ea0bbb23cd14abe1798f3fb30234f

HTTP Headers

GET /bj3EVB0.Pr3Vp-vpbPm/V/J/ZFDh0O0/ObD-UmzFOmD/Y/1OLaTIQ/4/NRT/M/4/N/jKYS HTTP/1.1
Host: reasonable-source.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://skybox.in.ua/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:23 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
referrer-policy: no-referrer
x-frame-options: DENY
set-cookie: uniqCookie=646de13e1bcead581051dc599ed22361; max-age=1741635623; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

GET labydoneit.com/ea57c3c6-e03c-47ab-b995-c320acf498ea?zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97

54.240.174.35

302 Found

0 B

URL User Request GET HTTP/2
labydoneit.com/ea57c3c6-e03c-47ab-b995-c320acf498ea?zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97
IP
54.240.174.35:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectlabydoneit.com
FingerprintE4:12:B7:1A:61:82:06:42:3F:B3:E6:29:CB:97:CF:FA:24:80:40:02
ValidityThu, 07 Nov 2024 00:00:00 GMT - Sat, 06 Dec 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ea57c3c6-e03c-47ab-b995-c320acf498ea?zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97 HTTP/1.1
Host: labydoneit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/bindex.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97
date: Sat, 08 Feb 2025 19:40:24 GMT
server: nginx
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: ea57c3c6-e03c-47ab-b995-c320acf498ea-v4=Z8rUR5dzAhI_vtgpxLJkQS2TKn2ENBtxOKor1Dka3r4; Max-Age=86400; Expires=Sun, 09 Feb 2025 19:40:24 GMT; Domain=labydoneit.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=ushVzox2opBK1yAxwDK5IH6EwbBYSorbGDlTEyGdZx6vbzGZ596hXsEb14I4mdnM1xS6K3u-D9JVBzgRtvrZdZx3GS8pOUwbpRnPpPf1CQu9UPjyFDsa9uiSxYwFuY2MN_tdhzG1jruc1F_jGGXJQ4Tk-BWQ1gJwTSXdDVWXsnmIR-WpSODunM52i9wGMJVzxbiU7QNJhl_Kpa9BY2hmVVFLKTgh9qkSqTkZXopHD0I6irfV7n8uqV6PQpFq506-Va1eq6t7UntihvHbcolTVLuXh_i3ajzMbNbn-CMs4b-d2FTa_5YFH8--HC5afTwrtnr8fUv2ku6B35BT0Tg0a7U5NOa-jxGmV6mb9jvKrdJXaoCQqOyoXDgAOLJ2wOW7su7xYTB_mxPl3KxJb-6hPB5cADLYbqJoy9Wa5D_1HNTA2mU35gXZ1d0nBMVuQBBVGAdUjXZhhgHobTZtoPHsBjx3WQQ_ZuYpGtXGsDZF8dufmKNWPc8sdirgKPN0nVHB; Max-Age=86400; Expires=Sun, 09 Feb 2025 19:40:24 GMT; Domain=labydoneit.com; Path=/; Secure; HttpOnly;SameSite=None
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5oUXqzkmmEi6DvqMghGCUqpp6Yi7G2RcmkR5ZTqEySpZY-VZI-zUjg==
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/540562_430147157013818_32273000_n.jpg

104.21.16.1

200 OK

1.8 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/540562_430147157013818_32273000_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
1.8 kB (1768 bytes)
Hash
722666c9a5f91e3251bc95f2fc619b20
52ebb0d2eaba8f1392eed4d5e0dec9773244abbd
670d1b7d5f60672fcf327b13ff8c3ef782685c847775636f721889d09a18fe75

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/540562_430147157013818_32273000_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 1768
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgS2Z%2BzkkyhaYHNVBgPuGwa5S%2FLFVSdIQx9MHeBHX6VPsGtLrdVJXTZAsCSNVSMz7Lw5FsyjTchVcLHH1JpW8C%2FV0pquFPgSFyss4okIiQRv0XGMqjtwdbjV3Un4o9NcJ9olEzWv%2BaO7Q1jb%2FfAObvtbq8AVvYvP"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-6e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93e56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/odA9sNLrE86.jpg

104.21.16.1

200 OK

1.0 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/odA9sNLrE86.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3
Size
1.0 kB (1006 bytes)
Hash
202cc9b6c45b0d7e7904d38354577792
35e054b5870248e49a3abaec2ab4e9b8e82c4820
280111f48e27bea0f546a2f17df0d0de29a26311b10e54607a2985e82f8aac36

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/odA9sNLrE86.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 1006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tDgUlRqa4KAy2vr%2Bd4YfcTOfDzN0hXyo3EHA2Pb9K3SOH5LKDGKK5rvkPD9h7k11%2FE8ggle%2BnHKBsM3IlerSvncq%2BSD6teysURIqxv1KEOp4NMNRM%2Bir61YZRdn8pWd4DI7egLhUiTdLfRobIzW%2FNcTfb8dTo2c"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:18 GMT
etag: "5d9454da-3ee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761b93756b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/12088299_1047136358664501_9121132063381418917_n.jpg

104.21.16.1

200 OK

1.3 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/12088299_1047136358664501_9121132063381418917_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
1.3 kB (1251 bytes)
Hash
057868ec6d457894fbaa9eea0da61d5f
660edfae2b9f5a95f1b7b20f4b915b497cc101cf
b5a5b35c4d4aca3677c2e0e8cd73a3c08b174fb772bb4cd74f257547e8fd7815

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/12088299_1047136358664501_9121132063381418917_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 1251
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ju7v9%2BU57ghHGY4nMp1FXR8AdfI2r1uZ3sn7lPB%2FF9MI3Csi5u7Y4G7kA2w0BBVIfVEhZfID8wM971wAjsen3q%2F5mqQvn8AaOZB%2BtH7%2F%2BusXwoQf6rItgyetRHjL5IRwflLo%2FvkzSXwO%2BWFME%2FT1MfKAc5A21SPt"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:34 GMT
etag: "5d9454ea-4e3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93d56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/16174412_10211484033439027_3968979027246986980_n.jpg

104.21.16.1

200 OK

2.8 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/16174412_10211484033439027_3968979027246986980_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3
Size
2.8 kB (2770 bytes)
Hash
bb675cbf3656d6e9d7bac9145f274336
07d0748d8cc87e2994d16f65a1c98fc683cd23ae
8eae6dbde4173000f9c5f91c429e96b5bef2a5745256c91c851caa46a14313c5

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/16174412_10211484033439027_3968979027246986980_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cHzLieg56pNtsR9W61sjLuSOt%2BvmMGkVvD7hqcHDfvm%2BdA6lPoCcZz2tCMuZfyccQQxxiAeUuo99vXF9zlUyydSkEYFxrKd5PFouBA9C5GtZqX9LQIHd56ugVQB7MR%2FGJPp9GseqzgcgzCSrYf2YJWkk0vFzwcqp"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-ad2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761d93f56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/11880513_10153182441573635_6391766102196689121_n.jpg

104.21.16.1

200 OK

1.8 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/11880513_10153182441573635_6391766102196689121_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
1.8 kB (1820 bytes)
Hash
906fe9b6e330a70017e1dc54746aabd0
0e90cb7152bc4521e57d4e3729777f2e608d78db
08c10d9bf3024a0774707d52b2307c67c5437a2adf883069b9eb858c40b5adfd

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/11880513_10153182441573635_6391766102196689121_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 1820
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=abS1Xg2KkdzMNQ0dvUKgtadCC%2BeoWopuVjoPjfeQQkDLl3S9N%2B04S5P%2BE2XEqkLU%2FZQdrA%2BX%2Bsh88To3O5tlyue62MEgI9Qcl9ZAdBRcXdRn%2FgoVlpljyMBYxIZrK6s9vJXdCRBxY3a3ams0JEqjGsHIg2Gh7zpj"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:34 GMT
etag: "5d9454ea-71c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93956b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/13631522_1146706165402703_3256702316997043506_n.jpg

104.21.16.1

200 OK

2.6 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/13631522_1146706165402703_3256702316997043506_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3
Size
2.6 kB (2599 bytes)
Hash
498eb13743471ffe63bffafe00606a94
8e85919c53613249d132eae0c4d8b872a3dad79a
a623bd2a94ac3fb2f216000cce58214affc538295c6b81760cbbd334aef5dcb1

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/13631522_1146706165402703_3256702316997043506_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 2599
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpkwgK%2BlsWKueNT3YWKFTJFiq9UTS82yfFZr9ZEbSnzq8osFx05neiJVyIJGQTgb6AT%2BwLs91aASCYyy4bfjxa5Mjc4ehSZ4dKJXFJQJli6OQLvhbikjK%2BG5BTpTU%2B2mRLN%2FH%2B%2FHUi4WCJ09ThHF%2FdE5KHN%2Bq5Ua"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-a27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93b56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/hvis.jpg

104.21.16.1

200 OK

2.3 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/hvis.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3
Size
2.3 kB (2310 bytes)
Hash
9f3c2e618904c8d3168fbd9b65ce5af0
5fe78cc67e99e81fb58ba8fc2b2b880c43429379
e2584299a0eedc0526ede43323ba011b6cc5a6d9e5239ba139da4b1e201d6128

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/hvis.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 2310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPN5a1MkMA2r5%2FU2W%2FR3b3VtJ9uE5METIz0juwDKt9UOnqIFVr7uEVCoS4Ax3PUjqAl8mq00GXqlAgu593vlonKne%2BALIbwH%2FYXWSw8YCNZWsBvkuljtYUOBYwjmHwzqR%2B0oPsloT1AyGw1zJ%2BkKmypcs7RAOxec"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:22 GMT
etag: "5d9454de-906"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761b93856b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/12669670_10207353042137627_8224718532595991020_n.jpg

104.21.16.1

200 OK

2.0 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/12669670_10207353042137627_8224718532595991020_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
2.0 kB (2021 bytes)
Hash
908768b26f7ae3c92b569ebd1f03bc14
7541afcfb0b531107083b2d8bb865c04fe740307
21a6190da9715cc89857c33be95561a0a6536409b497410fc38ddb0af5f44d20

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/12669670_10207353042137627_8224718532595991020_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 2021
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JX996z11HCi2c0jmfJYPD1cCyNLHrKyh3bPC%2FDLdrbTQbW2Vr2InrRYVouqJnxUMdLSKvUDWdIE1a6VTyo9AywlXChQwLwwbWXYnZBvxPTiPxX7Q25t1OliNmw%2Fr5anoQB8U8ynwuwvB2i8MbDKxwgkc90p1YrSp"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-7e5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761d94056b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/42feb706-86ef-45af-8fb8-605df3eb8fd3.jpg

104.21.16.1

200 OK

8.4 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/42feb706-86ef-45af-8fb8-605df3eb8fd3.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 252x186, components 3
Size
8.4 kB (8412 bytes)
Hash
57a03ef73d3a592852b6622bef07bca3
3278da3ca4c0569bc85989d843ff43ebe5b98888
82b1804c9e2954dd373c0a8cf90d3d619d26c23abca88496ffda5dd6e33df776

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/42feb706-86ef-45af-8fb8-605df3eb8fd3.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 8412
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SF%2BtaKRHgPf4An%2BpRwT16fAIy8flwbQhWBprSXYmLOTkPKh%2F0ET1nZMuvf8h4QOSeJpkX5qWVfWNh5wx1nb7WNerb122KiB5FgcqAs72Zx6aoQOZt6SeRUsuNIJ8yqChAjOgM%2BulVBYD7q0i%2BQFp%2BzxCU8R%2FyoKG"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 18:10:49 GMT
etag: "6320c7a9-20dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761d94256b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/14222287_1065953200155875_6514575430883754204_n.jpg

104.21.16.1

200 OK

936 B

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/14222287_1065953200155875_6514575430883754204_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
936 B (936 bytes)
Hash
2bf2d4258cfafe39cd78960bc208c365
e6db4700ae86f2519aedd40f51d53227ed5a53a6
1f6704173b4d3badae7a963f7f9284086a55da92550f5e29d4ff2a13727b6223

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/14222287_1065953200155875_6514575430883754204_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 936
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zxw%2BQ%2BdX28CpUjxZKn7i1CKfPc3W7Qi%2FN5qG64529%2FFJP8xTC%2FZBMW5i%2Fav93uYh4pAKz7uVbgKwDVr235eSyqP5wQsEMJQGp2570bB3R%2FSnsUq73tjwnJc5WVjPMK1wqrHXWlFf3U857%2BT307QpOyAxWKaltppA"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-3a8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93c56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/18119267_10155363709609924_958378663814436125_n.jpg

104.21.16.1

200 OK

1.4 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/18119267_10155363709609924_958378663814436125_n.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 36x36, components 3
Size
1.4 kB (1362 bytes)
Hash
f784cd789be7c8927742e665d6c0bfea
03e65553b0ee210f0728eea0b5ab4ab4a19e58dd
76945f72a2ae1f7e42c11b1142ffda98b857b3dd1a705d80886446b806a42209

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/18119267_10155363709609924_958378663814436125_n.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 1362
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOMKMBL%2BK3%2BIV3JS4W57%2Bd%2FUkaa%2BwVszp0ZomipIpOl7jdHp8mGsOAwQ%2FSmiRyy5FWTqFHsJNlPeRmS23ks0%2FoiKP8JTWDAD5N7cZzDUzIEJJJf4We8aMFY0k3sXVJahL5ZEc5fMJBpW4eE%2BTpwYaottrfVvOyyA"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:32 GMT
etag: "5d9454e8-552"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761c93a56b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/bindex.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97

104.21.16.1

302 Found

83 kB

URL User Request GET HTTP/2
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/bindex.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
data
Size
83 kB (82636 bytes)
Hash
acaccf07451973c3d2b6adbf1890d207
4afed2627fbb0e397e89126b88f3f337fca84124
9fb6e2527c85ec60ba58b0a96d85fb5a1fd30d1fb530da5b8ff21dca57a5597a

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/bindex.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97 HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 08 Feb 2025 19:40:24 GMT
content-type: text/html; charset=UTF-8
location: index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
x-powered-by: PHP/7.3.19
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN9dNaYQWfo%2Ft1rxzvdVRV4RKv5mw7MKMUmS7YAt8FncIEkcFt2LNyZaJQwvTEm%2B5oqUdpJVNzu6DJokH5EfGG%2BTzpcg1UnUxjwqY%2FlYNKcZmumVy8bVgsqRbYv729LYRs4FTVoMy42WNExbhV1Wyinm7wgwW5xL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ee175e3e4356ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1506&min_rtt=963&rtt_var=484&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3202&recv_bytes=1701&delivery_rate=3777391&cwnd=254&unsent_bytes=0&cid=2a73e0d0635cc747&ts=51&x=0"
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/index.1.7.3.css

104.21.16.1

200 OK

60 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/index.1.7.3.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
ASCII text, with very long lines (7734), with no line terminators
Size
60 kB (59739 bytes)
Hash
c823871f06d6fb41795bf9f80f396ae9
b72533233284e03da57b10e5a40f9a64b99db60b
e217403a73cb585d48c529f8bfb00e15dbb7776df1efae59661fc64c4b958636

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/css/index.1.7.3.css HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1iDg3TV28q7NtksjVf1nW88HrfcvV4K%2FtXtwokqv8O7LmL0WvMTkBRp%2BfoQx2Whx%2Btbtc2KIVo%2B2LH4gfIjRTBbUefh9G8%2Busz%2Byd9FRVZ%2BphRcxZy7xj2x13x5lJwwNYSsQAc0xJPeiT6HWFL1UYhhU0j6xnEIy"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 17:57:52 GMT
etag: W/"6320c4a0-1e36"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee1761993056b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET www.vg.no/vgc/font/AustinNewsHeadline-Bold-Web.woff2

195.88.55.16

200 OK

36 kB

URL GET HTTP/2
www.vg.no/vgc/font/AustinNewsHeadline-Bold-Web.woff2
IP
195.88.55.16:443
ASN
#2116 Globalconnect As

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerZeroSSL
Subjectvg.no
Fingerprint7C:48:C4:78:F8:14:52:39:C4:75:83:D4:4F:72:70:4C:31:E6:29:3A
ValidityTue, 21 Jan 2025 00:00:00 GMT - Mon, 21 Apr 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 36052, version 1.0
Size
36 kB (36052 bytes)
Hash
825347e809b9364e21071a6d7cd472bd
acbb1351fb5f07d8b695760ee78040ec1a87b932
4611fff259a75afc01e9a129eec88b522669480d10177c9e9c3f911d9403223d

HTTP Headers

GET /vgc/font/AustinNewsHeadline-Bold-Web.woff2 HTTP/1.1
Host: www.vg.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: font/woff2
content-length: 36052
last-modified: Tue, 19 Dec 2017 09:48:50 GMT
expires: Tue, 29 Jul 2025 22:24:05 GMT
access-control-allow-origin: *
x-varnish-director: static_web
vary: User-Agent
cache-control: max-age=15552000, immutable
strict-transport-security: max-age=15552000
x-vg-webcache: u89-varnish-02
x-cache: HIT:536523
x-age: 767779
age: 0
accept-ranges: bytes
x-vg-tlsproxy: u89-tlsproxy-02.int.vgnett.no
X-Firefox-Spdy: h2

GET www.vg.no/vgc/font/AustinNewsText-Roman-Web.woff2

195.88.55.16

200 OK

71 kB

URL GET HTTP/2
www.vg.no/vgc/font/AustinNewsText-Roman-Web.woff2
IP
195.88.55.16:443
ASN
#2116 Globalconnect As

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerZeroSSL
Subjectvg.no
Fingerprint7C:48:C4:78:F8:14:52:39:C4:75:83:D4:4F:72:70:4C:31:E6:29:3A
ValidityTue, 21 Jan 2025 00:00:00 GMT - Mon, 21 Apr 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 71416, version 1.0
Size
71 kB (71416 bytes)
Hash
ad64157e753fcccdc857e273422fc4cb
cf2c04192c78d4d994399b6e79bd5edfc4475295
6ad370cdab2ca63706c81e35e5f82151b1d3a8af8515c39016bb085bcc7eb318

HTTP Headers

GET /vgc/font/AustinNewsText-Roman-Web.woff2 HTTP/1.1
Host: www.vg.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: font/woff2
content-length: 71416
last-modified: Mon, 18 Jun 2018 11:26:55 GMT
expires: Tue, 29 Jul 2025 22:24:23 GMT
access-control-allow-origin: *
x-varnish-director: static_web
vary: User-Agent
cache-control: max-age=15552000, immutable
strict-transport-security: max-age=15552000
x-vg-webcache: u89-varnish-02
x-cache: HIT:8203
x-age: 767761
age: 0
accept-ranges: bytes
x-vg-tlsproxy: u89-tlsproxy-02.int.vgnett.no
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/bittrader-step3.png

104.21.16.1

200 OK

26 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/bittrader-step3.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
PNG image data, 749 x 329, 8-bit colormap, non-interlaced
Size
26 kB (26280 bytes)
Hash
a35fea71fd1c7bbe8bcbcaaa31e5ed6f
e683ca3f5721195fb5cd063018bc658f295cd2c5
c2c8f8eb5aecfb18f5492f44d9c85130392b8ebc26c132a12c41f88b18917725

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/bittrader-step3.png HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/png
content-length: 26280
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQWm0bSL3PCcwAWm2UUDM7YQq0j11SfVrhne81FRyL99y14A8ZaSuNyMcTbBGzTsNhyB5kUwFlqgrMnnCQvk2ZtOD5R2mRlb1KuGGpPftQ1scyHlZ6NTN7%2F6U%2FG0S600fbMOyMCO5%2FP1cB0hZo2C4H%2FP4idZjYKc"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 02 Oct 2019 07:42:24 GMT
etag: "5d9454e0-66a8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761b93656b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/6d2517b7-7b7e-412f-8569-779376208944.jpg

104.21.16.1

200 OK

14 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/6d2517b7-7b7e-412f-8569-779376208944.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 245x182, components 3
Size
14 kB (13817 bytes)
Hash
f43cf593141c032e8eae279d73181dc2
836d6d45403da13e3a041271c032665d450f3e52
639759ddae119ba39e093143f02aa53ce5f3596758929d83b952afaf61da3e9d

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/6d2517b7-7b7e-412f-8569-779376208944.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 13817
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8k1OOXo8J3QacdTH8BGZgtCFJ%2BUfTxO%2Bm4URZcxWCUkVf2PJg%2F5JTDoHnuwU8%2FtlCc4yW3X3spHl4x7qbZX6V%2F27PMF%2BXuPgIjUwBRz0etoDYtwvocyBXQzVEgdNIEb2Z%2FKTh5YdhYPBNkocKt%2Bebju8pjoSzKZx"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 18:09:42 GMT
etag: "6320c766-35f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761d94156b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET www.vg.no/vgc/font-spesial/Inter/3.15/Inter-roman.var.subset.woff2

195.88.55.16

200 OK

42 kB

URL GET HTTP/2
www.vg.no/vgc/font-spesial/Inter/3.15/Inter-roman.var.subset.woff2
IP
195.88.55.16:443
ASN
#2116 Globalconnect As

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerZeroSSL
Subjectvg.no
Fingerprint7C:48:C4:78:F8:14:52:39:C4:75:83:D4:4F:72:70:4C:31:E6:29:3A
ValidityTue, 21 Jan 2025 00:00:00 GMT - Mon, 21 Apr 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 41664, version 1.0
Size
42 kB (41664 bytes)
Hash
c89426bfc03a145a2d6bff6475a5fb10
c9d365090a6fb9ccd86b6816d318b77b255dbf74
e793402f00190c189be5fa4a77cce2489798d6b5f72f28b0c626eb25e378f74a

HTTP Headers

GET /vgc/font-spesial/Inter/3.15/Inter-roman.var.subset.woff2 HTTP/1.1
Host: www.vg.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: font/woff2
content-length: 41664
last-modified: Fri, 09 Oct 2020 13:22:36 GMT
expires: Tue, 29 Jul 2025 22:24:10 GMT
access-control-allow-origin: *
x-varnish-director: static_web
vary: User-Agent
cache-control: max-age=15552000, immutable
strict-transport-security: max-age=15552000
x-vg-webcache: u89-varnish-02
x-cache: HIT:344178
x-age: 767775
age: 0
accept-ranges: bytes
x-vg-tlsproxy: u89-tlsproxy-02.int.vgnett.no
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1018
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

POST hoksomuptak.net/zone?pub=0&zone_id=7868393&is_mobile=false&domain=wqiflbl8sskhlbk73t0la69a.cooknove.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.584&trace_id=7fe26c5d-17b1-45e1-856d-dc70a6c24cfb&action=prerequest&drf=

139.45.197.122

200 OK

0 B

URL POST HTTP/2
hoksomuptak.net/zone?pub=0&zone_id=7868393&is_mobile=false&domain=wqiflbl8sskhlbk73t0la69a.cooknove.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.584&trace_id=7fe26c5d-17b1-45e1-856d-dc70a6c24cfb&action=prerequest&drf=
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?pub=0&zone_id=7868393&is_mobile=false&domain=wqiflbl8sskhlbk73t0la69a.cooknove.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.584&trace_id=7fe26c5d-17b1-45e1-856d-dc70a6c24cfb&action=prerequest&drf= HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1021
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1020
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
7f549cb347d35933c53bc66cfd7a9862
5b3e33d389bb72f75b4e753449900a54e1bdd9d7
99d233f8d33c631a4fd6b490b5c8e0515e9898464d9865fb895a90cb9df2df09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Content-Type: application/json
Content-Length: 1114
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/image12.jpg

104.21.16.1

200 OK

298 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/image12.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1907x1080, components 3
Size
298 kB (298126 bytes)
Hash
b9f416c809012061c4a72ae00220aa8f
e11c66e8a5bd66b4fb1a13275a942d0a40adfa1b
409e8456c23240a95c0f3b03e6d660d6d8f7a9fc25498a2b7c25cd300afbc2aa

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/image12.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 298126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeogv%2Bgdz%2Fa0oFWQ3fW7Me63HKhpP2%2FCMaxzwRrsfMTC0W17KySwr6z4d%2FhZcF3EmdJDpaITPp6YJ15KvzgZBdwvFlbXCcemZK1mSr7MCdI%2F1KAFSSjQolEw6BX7ZyaH9pNA%2BtFmYlLyyHOd2iswWFiCO9jylxzh"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Sep 2022 12:16:28 GMT
etag: "6329af1c-48c8e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761b93556b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/69f2c6e661f546c39ea4b37fbfa92dec.jpg

104.21.16.1

200 OK

416 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/69f2c6e661f546c39ea4b37fbfa92dec.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
416 kB (415482 bytes)
Hash
5bafd2be98ab35c8d414ad5b7af1dda6
995787e57e756dd09741dbed1986de10831f3bce
70b3e6d340219dbf4df67dd795a394173c6f16e129c22fe690bff462b6b26295

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/69f2c6e661f546c39ea4b37fbfa92dec.jpg HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 415482
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IhAVEJMBmpSH6n5UJAmwjD5d3AOlQ8Oldz0PhTOP4ugnrDDqcfgJWjE9%2FIHs38OkKnNdjMTGVpEOR5ei3Cufe8a%2Fi6nQBZFfxLmWH7LmQGmcZlHPSFFelIDE1B8sx7Kaobu7JPGsOZKHN76F0udSp8K5z4eNuDKG"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Sep 2022 12:20:01 GMT
etag: "6329aff1-656fa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1761a93456b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
a5785fc9385ebb6860145a52e8f5bf10
7deddfbde884c42dea32446d40a87467f9559c9d
b8699619598e6bcbd29d282b95f2711b98ca769056bdff9670eb4b0325269949

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Content-Type: application/json
Content-Length: 1112
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
f74cbed9bf4574f3a1089af602ccd4cb
98d79036c241a9adea3f09c63baaba28cf442daf
a1987128222edce46a6b21da0cf50baafa7ad4e812f8c2610743cbf31c621b16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Content-Type: application/json
Content-Length: 1118
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS hoksomuptak.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
hoksomuptak.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
98df20a6b4486f722becc52fa618b911
5a9b1b4ffab4e1be9c9c5773b572eb018af943db
76bf94beedd09bbe4b36f3322d88bb2e496d5114556f61e5f786de7f9a3efff5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Content-Type: application/json
Content-Length: 5784
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/apple-touch-icon-1024x1024.png

104.21.16.1

200 OK

29 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/apple-touch-icon-1024x1024.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced
Size
29 kB (29258 bytes)
Hash
5e3431a3630d15f1ecf798026586a3d4
77be40385b4b3946454a3f9bf9d926b2336e5826
69f672999bd2f9fb9a94042a231c819dde915de90b852691377b90a3bcdd403d

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/apple-touch-icon-1024x1024.png HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: image/png
content-length: 29258
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v8aiQrGVkQZV0WZ%2FeeQ64QJguc4ttDKTkCfF1wiP5PtugLesZfjyhJrzptVFDVna%2BelZSVdnLL9TP%2FGMD8u3muZlPiLS0Aw20ZAIBhHHA8DOGAgqdoVf4tttV8v65GYJS2%2BhRrgMQ1xgq%2BGmCtDqbOeglhi372Zh"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 17:59:33 GMT
etag: "6320c505-724a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1768995356b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/favicon-16x16.png

104.21.16.1

200 OK

327 B

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/favicon-16x16.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
327 B (327 bytes)
Hash
3fb8ebf5d2ed107346af4a5b77088aee
229d2ae21fc0af6f0fb829c7bb524fee54d5971d
3d1be0f3c23cb7021daed5a104ab47058c82ac476e77cea6d629d68ed2b419ff

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/favicon-16x16.png HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: image/png
content-length: 327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovHvFWOOSqJn3WaqvYv7Gj9wkujqpUsi0K6La2ydZEE3E7UNo1hZ515z4vqnPRJ7YCzcq2bB8qfgkG6GKwH%2BKRiel3KCF0M3yBzac%2B%2FopWvj9RCB%2FVGN%2FpbIfBGE6pxA1nX%2Fsi9vfEMtFiI7d%2FoSosILvAxf2f4l"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 18:00:22 GMT
etag: "6320c536-147"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 90ee1768995456b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/image1vg.jpg?fit=crop&format=auto&h=667&w=1000&s=48e6e560b02445bab282654a98c706682c9cc840

104.21.16.1

200 OK

544 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/images/image1vg.jpg?fit=crop&format=auto&h=667&w=1000&s=48e6e560b02445bab282654a98c706682c9cc840
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1923x1058, components 3
Size
544 kB (543821 bytes)
Hash
73841e59d12bb8d218cc4019a5c19c6a
7b48df514f2edbb3716fb0cf4cd1020541ad2a40
9edf9d2e8458f259bfe9b0894359905a7e3f24b04a2165e0442c019db87a9bea

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/images/image1vg.jpg?fit=crop&format=auto&h=667&w=1000&s=48e6e560b02445bab282654a98c706682c9cc840 HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: image/jpeg
content-length: 543821
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVSKJoqrHQFnKTdHD7hWEnYTEtDaPjR%2FglMzH4p6%2FHkrHNg%2FYP5e8rkBREDWl0U4gLXsgTCoBFzLoh5xUHtHSP3xY6KhM9xjxpejPciDYbUtXZyGcgive4yuSawTYse53s5Uue474j46FqIn%2Bs901bnNwy7sRE%2Ba"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Sep 2022 13:42:47 GMT
etag: "6329c357-84c4d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: MISS
cf-ray: 90ee1761a93356b7-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET www.vg.no/vgc/font/AustinNewsText-Bold-Web.woff2

195.88.55.16

200 OK

58 kB

URL GET HTTP/2
www.vg.no/vgc/font/AustinNewsText-Bold-Web.woff2
IP
195.88.55.16:443
ASN
#2116 Globalconnect As

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerZeroSSL
Subjectvg.no
Fingerprint7C:48:C4:78:F8:14:52:39:C4:75:83:D4:4F:72:70:4C:31:E6:29:3A
ValidityTue, 21 Jan 2025 00:00:00 GMT - Mon, 21 Apr 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 58472, version 1.0
Size
58 kB (58472 bytes)
Hash
faba9dbd4451ae0f3a436e13387cb489
ec75a5f4bb7fb4bb58a3a025b7f161fea0c24290
d3d55bfa9b2d985c4fb5e85a5768539af122f5d844dee2cbfb5e4ec933569610

HTTP Headers

GET /vgc/font/AustinNewsText-Bold-Web.woff2 HTTP/1.1
Host: www.vg.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: font/woff2
content-length: 58472
last-modified: Mon, 18 Jun 2018 11:26:55 GMT
expires: Tue, 29 Jul 2025 22:23:30 GMT
access-control-allow-origin: *
x-varnish-director: static_web
vary: User-Agent
cache-control: max-age=15552000, immutable
strict-transport-security: max-age=15552000
x-vg-webcache: u89-varnish-01
x-cache: HIT:8053
x-age: 767815
age: 0
accept-ranges: bytes
x-vg-tlsproxy: u89-tlsproxy-02.int.vgnett.no
X-Firefox-Spdy: h2

GET hoksomuptak.net/850/66175/mw.min.js?z=7868393&sw=/sw-check-permissions-9de81.js

139.45.197.122

200 OK

5.5 kB

URL GET HTTP/2
hoksomuptak.net/850/66175/mw.min.js?z=7868393&sw=/sw-check-permissions-9de81.js
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JavaScript source, ASCII text, with very long lines (5528), with no line terminators
Size
5.5 kB (5528 bytes)
Hash
ee4f0175050b2c8dfe8e621c8c5a3674
bc2017b34535fe1c09f5129b23a8eedfbc19d233
aa4acabe508ddf23c31765d8b1b93590a4bf1635a35cd2fe2dfcda0eed806f34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /850/66175/mw.min.js?z=7868393&sw=/sw-check-permissions-9de81.js HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: application/javascript
last-modified: Thu, 06 Feb 2025 13:21:45 GMT
etag: W/"67a4b769-1598"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

GET hoksomuptak.net/850/66175/micro.tag.min.js?zoneId=7868393&sw=%2Fsw-check-permissions-9de81.js

139.45.197.122

200 OK

47 kB

URL GET HTTP/2
hoksomuptak.net/850/66175/micro.tag.min.js?zoneId=7868393&sw=%2Fsw-check-permissions-9de81.js
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerLet's Encrypt
Subjecthoksomuptak.net
FingerprintDC:CB:DE:8A:4E:87:CA:01:0A:F7:01:CA:4A:06:63:14:51:F0:FD:02
ValiditySun, 29 Dec 2024 05:51:51 GMT - Sat, 29 Mar 2025 05:51:50 GMT

File type
JavaScript source, ASCII text, with very long lines (46673), with no line terminators
Size
47 kB (46673 bytes)
Hash
c1614f207e9e7e5728d1cf4dcb53467f
61ab0eaef0ffae865f131b310625d9d111aa8ba8
c30225f40d0a142364937980cff819298562f09c7749a90e146550b5dbbf8e62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /850/66175/micro.tag.min.js?zoneId=7868393&sw=%2Fsw-check-permissions-9de81.js HTTP/1.1
Host: hoksomuptak.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/
Origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: application/javascript
last-modified: Thu, 06 Feb 2025 13:21:45 GMT
etag: W/"67a4b769-b651"
access-control-allow-origin: https://wqiflbl8sskhlbk73t0la69a.cooknove.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.16.1

200 OK

1.2 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: application/javascript
last-modified: Tue, 04 Feb 2025 15:57:24 GMT
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"67a238e4-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TDkmJ7k7yJpm0BQm37XghzCPjdACpdRfSa67wegtXApKMUBC3tDLcE1o98OiV47ElzeJUGhBsmSckzNvMxZmGlBdEemAeOSD1I5tLYuv2cd2oj1g74zSjcZKPJpT5u3zNEb7L%2FENkrqRREJ3je8KTSBa3H%2FbhXue"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90ee1761d94356b7-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 10 Feb 2025 19:40:25 GMT

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/push-include.js

104.21.16.1

200 OK

1.4 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/push-include.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
C source, ASCII text, with very long lines (1461), with no line terminators
Size
1.4 kB (1400 bytes)
Hash
72b8295514826a1f39b1621c711c59bf
64dc90813a22cde48aa6ff774a448ca76f49eef7
a93979464645f4fa0f374441b9bfa54b1d07395c61aa0bb9b713d0b6d75080b0

HTTP Headers

GET /push-include.js HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dsSZlGSyDO4kJahs%2BeabM8z7rPvzV0GW4XpcgH%2BFJJ0KKHpphDOIrd5YOd8eKEosaqLh2AbgbyL2zuOSaZZ70KWl060NeFikKU86UVBFg2dwnC92Yt9SYRl0kGUccn%2BVodO6HjA3l9byLTUgp%2FFzJl43p6cvLjKw"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 30 Nov 2024 09:37:39 GMT
etag: W/"674adce3-578"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee1761d94456b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/sw-check-permissions-9de81.js?zoneId=7868393

104.21.16.1

200 OK

566 B

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/sw-check-permissions-9de81.js?zoneId=7868393
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
ASCII text, with very long lines (605), with no line terminators
Size
566 B (566 bytes)
Hash
90e460b30afc29d5ab8f8629828ea82a
2880e435cb8f72f884ac327820fe250f2d451b11
8526330e42e8e65866b6abbe371f5e89be4b2b081c0d92b7ad8445b6b8259348

HTTP Headers

GET /sw-check-permissions-9de81.js?zoneId=7868393 HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:26 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rxq6QV0QzBLIoocc5I1pAU7%2BNGmlfEE8ByHJJG3rrZ7U2BKIUutg%2By59oBZr4WW4qRRtnlDs%2B50THcsbHKthOroXnE0ecSO6QCzrI2fmqBvhVFbfsMx1O05O9lV7rP%2BcMnxWeqv2CZzv7nOzDQMje0X0HsE045bm"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 10 Aug 2024 08:39:14 GMT
etag: W/"66b72732-236"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee176ba95856b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8

104.21.16.1

200 OK

233 kB

URL User Request GET HTTP/2
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type

Size
233 kB (232670 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8 HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Feb 2025 19:40:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.19
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a1tpOHjQJvU9Yuj%2B5Kb6CZOCdeBSG6tAw3m0seUXxfdKXJNUZtvk99k7K3FdaNgmXCtAC3wJEL168YOsLBEWD5R6AI5td%2B6Myot65633%2FzH1qn04s0%2FjnwRcs51qoT78j%2Fr3kUCNHgCIF%2FKzFKWwaQIYjj57HMjQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ee175e7e9456ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=963&rtt_var=494&sent=10&recv=12&lost=0&retrans=0&sent_bytes=4437&recv_bytes=2345&delivery_rate=3777391&cwnd=256&unsent_bytes=0&cid=2a73e0d0635cc747&ts=337&x=0"
X-Firefox-Spdy: h2

POST reasonable-source.com/caG.Fbzccdz-9fkgahXiQ_9kMlTmcnz-OpTqAr0sM_zuYvywMxz-gz3AMBDCQ_xENFjGAHx-NJyKZLkMd_GOtPuQPRV-ZTtUdVTWB_5YOZWatbj-ddDedfUgQ_mi1jTkVlD-dnloNpFqd_SsctkutvJ-MxkyMz3AQ_1CJDxEVFW-xHhIJJmKR_0MaN2O5Pv-dRXSQT9Ua_HWFXiYUZ1-RbucbdTeI_zgShEiJjr-RlzmdnhoT_jqRrysMt2-9vzwax2yd_hAQBTCNDj-SFTGFHzIR_3KYLmMcNH-RPuQPRUSN_nUSVkW9XU-eZEalbKcW_We5fKgdhl-ljXkUlmml_ZoVpzqVrr-St2ulvBwe_Ey1zUAZBz-JDPERFFGE_xITJWKpLn-dN0O5PHQT_TSRTZUVVE-pXpYWZWap_ncMdke5fq-VhXidjZka_lmUn0oTpU-RrFsetUu5_XwWxmy1zO-VBECNDuEN_XGAH2IOJU-JLqMaNUOp_tQURUSZTB-NVmWFXDYb_0aFbncLdS-0fmgchniJ_lkclWmgn9-ZpDqcr2sN_muEv0wMxj-UzzAMBGCE_zEMFDGgH1-MJjKIL1MN_DOlPmQMRj-UT2UMVzWR_iYNZjaAb0-MdGeMfmgc_niJjpkZlD-1nhoMpGqY_3sMtGuRvh-ZxjyYz3AY_WCYDwEYFj-IH0IOJWKR_hMMNzOdPm-NRTSgT0UN_GWYX3YNZj-lbmcYdyeZ_ygch3iJjj-PlWm9n1od_CqZr6sbt2-5vlwaxWyQ_9ANBDCgD1-MFzGgH2IN_QK

88.85.68.219

302 Found

233 kB

URL User Request POST HTTP/2
reasonable-source.com/caG.Fbzccdz-9fkgahXiQ_9kMlTmcnz-OpTqAr0sM_zuYvywMxz-gz3AMBDCQ_xENFjGAHx-NJyKZLkMd_GOtPuQPRV-ZTtUdVTWB_5YOZWatbj-ddDedfUgQ_mi1jTkVlD-dnloNpFqd_SsctkutvJ-MxkyMz3AQ_1CJDxEVFW-xHhIJJmKR_0MaN2O5Pv-dRXSQT9Ua_HWFXiYUZ1-RbucbdTeI_zgShEiJjr-RlzmdnhoT_jqRrysMt2-9vzwax2yd_hAQBTCNDj-SFTGFHzIR_3KYLmMcNH-RPuQPRUSN_nUSVkW9XU-eZEalbKcW_We5fKgdhl-ljXkUlmml_ZoVpzqVrr-St2ulvBwe_Ey1zUAZBz-JDPERFFGE_xITJWKpLn-dN0O5PHQT_TSRTZUVVE-pXpYWZWap_ncMdke5fq-VhXidjZka_lmUn0oTpU-RrFsetUu5_XwWxmy1zO-VBECNDuEN_XGAH2IOJU-JLqMaNUOp_tQURUSZTB-NVmWFXDYb_0aFbncLdS-0fmgchniJ_lkclWmgn9-ZpDqcr2sN_muEv0wMxj-UzzAMBGCE_zEMFDGgH1-MJjKIL1MN_DOlPmQMRj-UT2UMVzWR_iYNZjaAb0-MdGeMfmgc_niJjpkZlD-1nhoMpGqY_3sMtGuRvh-ZxjyYz3AY_WCYDwEYFj-IH0IOJWKR_hMMNzOdPm-NRTSgT0UN_GWYX3YNZj-lbmcYdyeZ_ygch3iJjj-PlWm9n1od_CqZr6sbt2-5vlwaxWyQ_9ANBDCgD1-MFzGgH2IN_QK
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subjectreasonable-source.com
FingerprintDE:74:21:0E:61:B3:12:5D:E0:08:24:93:3F:37:46:C5:C3:2A:E8:3C
ValiditySun, 22 Dec 2024 05:56:06 GMT - Sat, 22 Mar 2025 05:56:05 GMT

File type

Size
233 kB (232670 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /caG.Fbzccdz-9fkgahXiQ_9kMlTmcnz-OpTqAr0sM_zuYvywMxz-gz3AMBDCQ_xENFjGAHx-NJyKZLkMd_GOtPuQPRV-ZTtUdVTWB_5YOZWatbj-ddDedfUgQ_mi1jTkVlD-dnloNpFqd_SsctkutvJ-MxkyMz3AQ_1CJDxEVFW-xHhIJJmKR_0MaN2O5Pv-dRXSQT9Ua_HWFXiYUZ1-RbucbdTeI_zgShEiJjr-RlzmdnhoT_jqRrysMt2-9vzwax2yd_hAQBTCNDj-SFTGFHzIR_3KYLmMcNH-RPuQPRUSN_nUSVkW9XU-eZEalbKcW_We5fKgdhl-ljXkUlmml_ZoVpzqVrr-St2ulvBwe_Ey1zUAZBz-JDPERFFGE_xITJWKpLn-dN0O5PHQT_TSRTZUVVE-pXpYWZWap_ncMdke5fq-VhXidjZka_lmUn0oTpU-RrFsetUu5_XwWxmy1zO-VBECNDuEN_XGAH2IOJU-JLqMaNUOp_tQURUSZTB-NVmWFXDYb_0aFbncLdS-0fmgchniJ_lkclWmgn9-ZpDqcr2sN_muEv0wMxj-UzzAMBGCE_zEMFDGgH1-MJjKIL1MN_DOlPmQMRj-UT2UMVzWR_iYNZjaAb0-MdGeMfmgc_niJjpkZlD-1nhoMpGqY_3sMtGuRvh-ZxjyYz3AY_WCYDwEYFj-IH0IOJWKR_hMMNzOdPm-NRTSgT0UN_GWYX3YNZj-lbmcYdyeZ_ygch3iJjj-PlWm9n1od_CqZr6sbt2-5vlwaxWyQ_9ANBDCgD1-MFzGgH2IN_QK HTTP/1.1
Host: reasonable-source.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
Origin: null
DNT: 1
Connection: keep-alive
Cookie: uniqCookie=646de13e1bcead581051dc599ed22361
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 08 Feb 2025 19:40:24 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
x-frame-options: DENY
location: https://labydoneit.com/ea57c3c6-e03c-47ab-b995-c320acf498ea?zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97
referrer-policy: no-referrer
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sat, 08 Feb 2025 19:40:24 GMT
set-cookie: uniqCookie=646de13e1bcead581051dc599ed22361; max-age=1741635624; path=/
skipJsRedirect=1739043624; max-age=1770579624; path=/
kadCCap=341840:1:1739043624; max-age=1770579624; path=/
kadCSCap=341840:1:1739043624; path=/
kadRPixJ=bnVsbA==; max-age=1770579624; path=/
kadUnP3=CAEQqOaevQYaDQjpoKgCEAEYqOaevQYiCggDEAEYqOaevQYqDAjvgioQARio5p69Bg==; max-age=1770579624; path=/
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/main.1.4.49.css

104.21.16.1

200 OK

16 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/main.1.4.49.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
ASCII text, with very long lines (3186)
Size
16 kB (15750 bytes)
Hash
2aae241b703b92be9e32b7a975b76594
d35a5002743920b088a206c8f550300ac1dd4187
719948fe0abc81af09c5554a0aaf2c73b0c94db5c3346b13904c80066116ea0b

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/css/main.1.4.49.css HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U5GEUjouo7X%2Bt07YXlCsUGvaQvt%2BbXU5C2Ut%2FRWl4vOfLKY9xSEzF%2BrGrJTFpGhVgitX6Dl4quJEzMHXmgic6nIbw7TQvnJMAPmBrllzKrHLGYumoVv%2B8jwxhmF0AMDi3XU%2BMZJtVKaXYZVLIMdKTo9JmcRUd%2Fuk"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 17:57:57 GMT
etag: W/"6320c4a5-3d86"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee1761992f56b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/ministore.pro.embed.css?1663091076340

104.21.16.1

200 OK

2.5 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/ministore.pro.embed.css?1663091076340
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
ASCII text, with very long lines (2678), with no line terminators
Size
2.5 kB (2526 bytes)
Hash
9df00fdc0e9b955534800555d91940ff
77f275cb069ce401429d9cb364aeb86b6ff081a8
f6bf01b271e852c3b177b5c0297746a9b1cbb43724451af6b28759a43662afac

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/css/ministore.pro.embed.css?1663091076340 HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sPa%2FKjoBBxDTOihip1QfUtLY1K4KjQ%2FLNX0JJ1DtOsLYMwvhtDPr8%2BB60Nkl8AlIm24MiI8yspRGfsdMXa1lGUI%2Bo99PzLjw9kqEhBk3MvOoZptNqKYMktnUhFdfLW7g6%2B0i1cfsOucMb0fBWczH13YS1vuDp4L3"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 17:57:43 GMT
etag: W/"6320c497-9de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee1761a93256b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/main.55f083cb.css

104.21.16.1

200 OK

3.0 kB

URL GET HTTP/3
wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/css/main.55f083cb.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Certificate
IssuerGoogle Trust Services
Subjectcooknove.com
FingerprintA2:F7:3C:94:C5:25:BE:34:DF:D6:5B:E0:93:F3:B6:77:07:E4:D8:5A
ValidityTue, 17 Dec 2024 18:33:50 GMT - Mon, 17 Mar 2025 19:32:07 GMT

File type
ASCII text, with very long lines (2959), with no line terminators
Size
3.0 kB (2951 bytes)
Hash
60d2042917fa61eafeedabfe6a4489d4
d3f4ba324dfc2dfc202d5541e518e6161ed7f34f
9e83e572d901a3d33b0d8bf525bda06fd09dc50cccbf211daf460277eb50f2fb

HTTP Headers

GET /pop/no-morning-vg-dynamic-tr/css/main.55f083cb.css HTTP/1.1
Host: wqiflbl8sskhlbk73t0la69a.cooknove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wqiflbl8sskhlbk73t0la69a.cooknove.com/pop/no-morning-vg-dynamic-tr/index.php?exid=nob7c7bjxzci5sv0ag97&tr=labydoneit.com&cep=lKbC3fauvm0kt09lzuonGfk6lamFBHio2qjaJcIIT2K8Tr2AYHYuuU248acO68cvdltedBnpGn_vyAQmZNknTO5wc3TLUIM96w5ujBxccBwVTIEY-SedPphlgNnLXKjdgcL2JetB7BpftbjGLB9oABgZZtgeNzhCZ9w83wxN-ESE3JwQfCEnPr7VmfEzee_yH1qixKQ6lsW5VCnRuOzNxVXxmEPn6AkZmrn_oUDUKfLk9hIFfKwD1tgXFveK98IdwAGYQaIc4C9U-Q0rhCfVFYl5i6N7HGvSL1u5iawywGz2FIBYPxl7z-zf35NNmaENckxeasN9Y0n_MAQcou-0pkutnCLGmx1_SUxw9ToqEN7RBX_pDKrQxxwfZd6PDUUjyKkC3owTt01wQSSA355129-vcSjIrhFKQd07shGXPmf81G3KpuW2l8RlV4bNpEGQOmFr8CXZv1Peg3OsbkP6O0cuBSHI8BQXIRJ3qnrPNhhYoiH8t88LUjyUaKvQ3GQP&lptoken=1741395d04985456245f&zoneid=7D5KZG49JO&campaignid=341840&geo=NO&price=0.005295&token=nob7c7bjxzci5sv0ag97&lpkey=00c16773a87d5b17e8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 08 Feb 2025 19:40:25 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Biz9tJkgub4AvYx2cvU%2BezY7RnJ0g3TZux2%2ByznXVM71GnEtWwPud%2FxLUngwhNrFr8IPoz%2FNpDpEdVZmyZBSGKqmc7INsCXpuqY2X5eHQNLc3TzIFqMxJLeKNjq9KdO0U8iEI%2FVmQ4SqpaC3I8673lbUdGggGsfj"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 13 Sep 2022 17:57:48 GMT
etag: W/"6320c49c-b87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000
cf-cache-status: MISS
content-encoding: br
cf-ray: 90ee1761a93156b7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (51)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash