apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https://jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ==
151.101.2.133 0 B URL apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https://jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ==
IP 151.101.2.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click_tracker/track?kx_event_uid=LR25EaJr&clk=https://jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ== HTTP/1.1
Host: apiservices.krxd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ==
age: 0
via: 1.1 varnish (Varnish/5.2), 1.1 varnish
accept-ranges: bytes
date: Fri, 02 Jun 2023 04:33:58 GMT
x-served-by: click-tracker-a002-ash-prod.krxd.net, cache-bma1677-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1685680438.940332,VS0,VE273
content-length: 0
X-Firefox-Spdy: h2
jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ==
192.3.201.55 0 B URL jewelsandabove.com/.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ==
IP 192.3.201.55:0
ASN #36352 AS-COLOCROSSING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /.well-known/acme-challenge/sf_rand_string_lowercase6////Y2FybC5nZW9yZ2VAYWVyby5ib21iYXJkaWVyLmNvbQ== HTTP/1.1
Host: jewelsandabove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
refresh: 0;url=https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html#carl.george@aero.bombardier.com
content-type: text/html; charset=UTF-8
content-length: 0
date: Fri, 02 Jun 2023 04:33:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
104.18.2.35 1.8 kB URL pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
IP 104.18.2.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (394)
Hash f148313ae541a8b954fa15bd2e3c5ac3
2363e0caa1c1516a544fa45071739c6b0a16391d
c6ffddd00694df2e0ce9d812e25b630efc10f7a50f1409b98d7d7128aac9f22e
Analyzer Verdict Alert openphish Office365
phishtank Other
GET /game.html HTTP/1.1
Host: pub-a7604a6260454c39a791072009906c6c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 04:33:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0cfb37dbb6b521-OSL
Content-Encoding: gzip
pub-a7604a6260454c39a791072009906c6c.r2.dev/cdn-cgi/styles/cf.errors.css
104.18.2.35200 OK 4.5 kB URL GET HTTP/1.1 pub-a7604a6260454c39a791072009906c6c.r2.dev/cdn-cgi/styles/cf.errors.css
IP 104.18.2.35:443
Requested by https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html#carl.george@aero.bombardier.com
Certificate IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
File type ASCII text, with very long lines (24131)
Hash a1cedc21f16b5a97114857154fab35e9
95e9890a15a4f7f94f7f19d2c297e4b07503c526
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Analyzer Verdict Alert urlquery suspicious Suspicious - Sinkholed / Blocked
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: pub-a7604a6260454c39a791072009906c6c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 04:33:59 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 15:20:42 GMT
ETag: W/"6476144a-5e44"
Server: cloudflare
CF-RAY: 7d0cfb38ac2fb521-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 02 Jun 2023 06:33:59 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
pub-a7604a6260454c39a791072009906c6c.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637
104.18.2.35200 OK 452 B URL GET HTTP/1.1 pub-a7604a6260454c39a791072009906c6c.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637
IP 104.18.2.35:443
Requested by https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html#carl.george@aero.bombardier.com
Certificate IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
File type PNG image data, 54 x 54, 8-bit colormap, non-interlaced\012- data
Hash c33de66281e933259772399d10a6afe8
b9f9d500f8814381451011d4dcf59cd2d90ad94f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Analyzer Verdict Alert urlquery suspicious Suspicious - Sinkholed / Blocked
GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: pub-a7604a6260454c39a791072009906c6c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a7604a6260454c39a791072009906c6c.r2.dev/cdn-cgi/styles/cf.errors.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 04:33:59 GMT
Content-Type: image/png
Content-Length: 452
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 15:20:42 GMT
ETag: "6476144a-1c4"
Server: cloudflare
CF-RAY: 7d0cfb38dc55b521-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 02 Jun 2023 06:33:59 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
pub-a7604a6260454c39a791072009906c6c.r2.dev/favicon.ico
104.18.2.35404 Not Found 6.5 kB URL GET HTTP/1.1 pub-a7604a6260454c39a791072009906c6c.r2.dev/favicon.ico
IP 104.18.2.35:443
Requested by https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html#carl.george@aero.bombardier.com
Certificate IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (611)
Hash df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
Analyzer Verdict Alert urlquery suspicious Suspicious - Sinkholed / Blocked
GET /favicon.ico HTTP/1.1
Host: pub-a7604a6260454c39a791072009906c6c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 02 Jun 2023 04:33:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0cfb390c77b521-OSL
Content-Encoding: gzip
pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
104.18.2.35200 OK 4.4 kB URL User Request GET HTTP/1.1 pub-a7604a6260454c39a791072009906c6c.r2.dev/game.html
IP 104.18.2.35:443
Certificate IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint87:5C:76:14:05:03:7E:AD:00:B9:80:0B:3F:E7:E3:25:D8:A5:4C:03
ValidityMon, 17 Apr 2023 14:40:35 GMT - Sun, 16 Jul 2023 14:40:34 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (4642), with no line terminators
Hash 67db6e2c00427cf61cee89a8d108e6e2
c0eaa6d48ee611878821ec4157205b483b4f7810
f075f030611aeda69e9eb0a5632aec350c4564f190be4c1e4c305506074923dc
Analyzer Verdict Alert openphish Office365
phishtank Other
GET /game.html HTTP/1.1
Host: pub-a7604a6260454c39a791072009906c6c.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 04:33:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0cfb37dbb6b521-OSL
Content-Encoding: gzip