| r10.o.lencr.org/ | 2.23.172.216 | | 504 B |
IP / ASN: 2.23.172.216 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-06; Last Seen: 2024-08-19; Times Seen: 29584; Size: 504 B (504 bytes)
MD5: a4b0d33ac49c96c71e39bb632bda5673
SHA1: f4a1b2c6888fbf71cf9f3a36170c0968463df973
SHA256: b28c45ed35b17a62f81e5aa81541f61740e5dfb5d5c1baa572feed4a4e2db9c5
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B28C45ED35B17A62F81E5AA81541F61740E5DFB5D5C1BAA572FEED4A4E2DB9C5"
Last-Modified: Tue, 06 Aug 2024 06:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3064
Expires: Thu, 08 Aug 2024 17:34:46 GMT
Date: Thu, 08 Aug 2024 16:43:42 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 2.23.172.216 | | 504 B |
IP / ASN: 2.23.172.216 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-06; Last Seen: 2024-08-19; Times Seen: 26925; Size: 504 B (504 bytes)
MD5: 361994b45d17874f3d57044be82a542d
SHA1: ddad8ebd0d7ecdc2c9d07245d5aff4df9e3e0a56
SHA256: bf3643f753112c9f8fa5204e8ee172a6e0374d160407b7f14e2c0708aa0daad5
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BF3643F753112C9F8FA5204E8EE172A6E0374D160407B7F14E2C0708AA0DAAD5"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10392
Expires: Thu, 08 Aug 2024 19:36:54 GMT
Date: Thu, 08 Aug 2024 16:43:42 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 2.23.172.216 | | 504 B |
IP / ASN: 2.23.172.216 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-06; Last Seen: 2024-08-19; Times Seen: 36182; Size: 504 B (504 bytes)
MD5: e7a128439c6dec237227cc4b883a2c99
SHA1: 7794fc9e9bc964823a96cec60a2ec829dbce9919
SHA256: f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2318
Expires: Thu, 08 Aug 2024 17:22:21 GMT
Date: Thu, 08 Aug 2024 16:43:43 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 2.23.172.216 | | 504 B |
IP / ASN: 2.23.172.216 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-06; Last Seen: 2024-08-19; Times Seen: 20403; Size: 504 B (504 bytes)
MD5: 5aa0870760a323e0c76c1574633ed6e1
SHA1: 5ba6f90abf50092defc125757aef5f3775353f40
SHA256: 485adde6605f8d46bbb24f1ce8fbdeba81d44f09b75600300584d408aa9f3ce1
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "485ADDE6605F8D46BBB24F1CE8FBDEBA81D44F09B75600300584D408AA9F3CE1"
Last-Modified: Tue, 06 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4008
Expires: Thu, 08 Aug 2024 17:50:31 GMT
Date: Thu, 08 Aug 2024 16:43:43 GMT
Connection: keep-alive
|
|
| o.pki.goog/wr2 | 142.251.9.94 | | 471 B |
IP / ASN: 142.251.9.94 #15169 GOOGLE
Resource Info: File type: data; First Seen: 2024-08-08; Last Seen: 2024-08-19; Times Seen: 1202; Size: 471 B (471 bytes)
MD5: 72c7682ecb837a4dac94b4b80cb619b8
SHA1: deb3e1e096856027cb7b86c8f28b96ea4344bc57
SHA256: 018cf025f16282b6c8239c2013bfae2661b016e1cc1b3cf143eec247fde06caf
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Aug 2024 16:43:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| GET www.google.com/s2/favicons?domain=williamsstore.com | 142.250.147.103 | 301 Moved Permanently | 337 B |
URL: www.google.com/s2/favicons?domain=williamsstore.com
IP / ASN: 142.250.147.103 #15169 GOOGLE
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: HTML document, ASCII text, with CRLF, LF line terminators; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 337 B (337 bytes)
MD5: d2d2b1eb4c28bb824313ebe5fea47bae
SHA1: cbd256f57b57ae7e2d6badbd3aa3fa14e41c9d92
SHA256: 2e5aaa6ba0da0ceaf116181acd519daae73e11384bf642382b3268db20ec4cce
Certificate Info: Issuer: Google Trust Services; Subject: www.google.com; Fingerprint: 78:90:10:00:62:E9:32:D2:E2:99:72:73:B5:44:27:CB:98:2E:AD:29; Validity: Tue, 30 Jul 2024 12:50:13 GMT - Tue, 22 Oct 2024 12:50:12 GMT
GET /s2/favicons?domain=williamsstore.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 08 Aug 2024 17:13:45 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET www.google.com/s2/favicons?domain=williamsstore.com | 142.250.147.103 | 301 Moved Permanently | 337 B |
URL: www.google.com/s2/favicons?domain=williamsstore.com
IP / ASN: 142.250.147.103 #15169 GOOGLE
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: HTML document, ASCII text, with CRLF, LF line terminators; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 337 B (337 bytes)
MD5: d2d2b1eb4c28bb824313ebe5fea47bae
SHA1: cbd256f57b57ae7e2d6badbd3aa3fa14e41c9d92
SHA256: 2e5aaa6ba0da0ceaf116181acd519daae73e11384bf642382b3268db20ec4cce
Certificate Info: Issuer: Google Trust Services; Subject: www.google.com; Fingerprint: 78:90:10:00:62:E9:32:D2:E2:99:72:73:B5:44:27:CB:98:2E:AD:29; Validity: Tue, 30 Jul 2024 12:50:13 GMT - Tue, 22 Oct 2024 12:50:12 GMT
GET /s2/favicons?domain=williamsstore.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 337
x-xss-protection: 0
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 08 Aug 2024 17:13:45 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.251.9.94 | | 472 B |
IP / ASN: 142.251.9.94 #15169 GOOGLE
Resource Info: File type: data; First Seen: 2024-08-07; Last Seen: 2024-08-19; Times Seen: 1516; Size: 472 B (472 bytes)
MD5: 12a47d9f54f30eb9c280225d71de659b
SHA1: 8d8cdc61fa9d0af2110d9c0705e982a9cf515596
SHA256: 292932d253e50357c8734b6607c6f37a1c32fae5d95a47759114b931f00f6ddb
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Aug 2024 16:43:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 | 142.250.74.100 | | 482 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
IP / ASN: 142.250.74.100 #15169 GOOGLE
Resource Info: File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 482 B (482 bytes)
MD5: aa19bda155a232930906f139a0c65e45
SHA1: 1201540a0663be268d847e7d25d66c0ec4f3984b
SHA256: 2ee4cd143dccf05edde0710a1bf4f84d000bfd6f98ebfecaf0db68598f5f0109
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://funsmarttoys.com/wp-content/uploads/2018/09/ms-icon-310x310-66x66.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 482
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 15 Aug 2024 16:43:45 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Jun 2019 06:20:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 | 142.250.74.100 | | 482 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
IP / ASN: 142.250.74.100 #15169 GOOGLE
Resource Info: File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 482 B (482 bytes)
MD5: aa19bda155a232930906f139a0c65e45
SHA1: 1201540a0663be268d847e7d25d66c0ec4f3984b
SHA256: 2ee4cd143dccf05edde0710a1bf4f84d000bfd6f98ebfecaf0db68598f5f0109
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://funsmarttoys.com/wp-content/uploads/2018/09/ms-icon-310x310-66x66.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 482
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 15 Aug 2024 16:43:45 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Jun 2019 06:20:41 GMT
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.147.94 | | 472 B |
IP / ASN: 142.250.147.94 #15169 GOOGLE
Resource Info: File type: data; First Seen: 2024-08-07; Last Seen: 2024-08-19; Times Seen: 1516; Size: 472 B (472 bytes)
MD5: 12a47d9f54f30eb9c280225d71de659b
SHA1: 8d8cdc61fa9d0af2110d9c0705e982a9cf515596
SHA256: 292932d253e50357c8734b6607c6f37a1c32fae5d95a47759114b931f00f6ddb
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Aug 2024 16:43:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.147.94 | | 471 B |
IP / ASN: 142.250.147.94 #15169 GOOGLE
Resource Info: File type: data; First Seen: 2024-08-07; Last Seen: 2024-08-19; Times Seen: 1152; Size: 471 B (471 bytes)
MD5: a7f2c09460e28e8212d4763819f352ff
SHA1: 9bab13da7c2fbce6cb90eeef3f6a7698d22bb5e9
SHA256: a8f505f79a6c574b583dd06ff1a2efdda8109a719947fd3e1a385f054066f7aa
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Aug 2024 16:43:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r10.o.lencr.org/ | 2.23.172.203 | | 504 B |
IP / ASN: 2.23.172.203 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-06; Last Seen: 2024-08-19; Times Seen: 30072; Size: 504 B (504 bytes)
MD5: 460334cc4e5b7d0e9bae1a2db2ad27cd
SHA1: b0a331b5252d61b68e687dc25581842a360aac4f
SHA256: 8e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9873
Expires: Thu, 08 Aug 2024 19:28:18 GMT
Date: Thu, 08 Aug 2024 16:43:45 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 2.23.172.216 | | 504 B |
IP / ASN: 2.23.172.216 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 504 B (504 bytes)
MD5: e86843512d89bb3ce025f00ffce3ac86
SHA1: 38e66f8e1a1bf7b4abcde55f297825933051cc03
SHA256: 587a2c32e271dd3cd0799e1e5dfc142c0ddffb7f2ebae7a2a908660ba71e2945
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "587A2C32E271DD3CD0799E1E5DFC142C0DDFFB7F2EBAE7A2A908660BA71E2945"
Last-Modified: Thu, 08 Aug 2024 15:51:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21589
Expires: Thu, 08 Aug 2024 22:43:34 GMT
Date: Thu, 08 Aug 2024 16:43:45 GMT
Connection: keep-alive
|
|
| GET mail.williamsstore.com/ | 204.9.77.40 | 302 Document Moved | 612 B |
URL: mail.williamsstore.com/
IP / ASN: 204.9.77.40 #6461 ZAYO-6461
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: HTML document, ASCII text, with very long lines (612), with no line terminators; First Seen: 2023-04-12; Last Seen: 2025-01-27; Times Seen: 27; Size: 612 B (612 bytes)
MD5: 12493328522dfdaf22540e9dc516ce16
SHA1: 397c05e873b81f090f2397c3135eddc773d93617
SHA256: 7faef5d4622651570d9e0e12990171bd8357a9240e8c2562fff249ccc84d7e6e
Certificate Info: Issuer: Let's Encrypt; Subject: mail.williamsstore.com; Fingerprint: A4:03:DB:F8:D0:F9:B8:65:04:C5:B9:22:37:C4:AE:01:B5:53:0E:F3; Validity: Sun, 14 Jul 2024 07:21:16 GMT - Sat, 12 Oct 2024 07:21:15 GMT
GET / HTTP/1.1
Host: mail.williamsstore.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Document Moved
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Expires: Thu, 08 Aug 2034 16:43:45 GMT
Server: IceWarp/14.1.0.9 x64
Date: Thu, 08 Aug 2024 16:43:45 GMT
Location: /webmail/
Content-Type: text/html
Content-Length: 612
|
|
| GET crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js | 188.114.97.1 | 200 OK | 25 kB |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: ASCII text, with very long lines (14329), with CRLF line terminators; First Seen: 2024-02-29; Last Seen: 2025-08-01; Times Seen: 293; Size: 25 kB (24730 bytes)
MD5: a4279d8d402beb941895d3e9c18b738d
SHA1: 6cab01a778966e2d5d1d84659525339d5f70cb88
SHA256: e4f1f89acd4984a38721d43081ffb9b10323f1b2d37ae35c9c92eb69ae109d5d
Certificate Info: Issuer: Google Trust Services; Subject: crjewellery.co.il; Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35; Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Aug 2024 16:43:44 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding,User-Agent
last-modified: Sun, 21 Jul 2024 22:19:40 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDAE%2BDpZ%2FblFZrDO0EW5VNEJVBqiNPUgRkWZPCgjCcAYU3jrLBuu%2Fg6HkeTXwH8W%2F28FfOYNZq8TxWLERUwuHcZQNJk5pZUvhihIunznqdTRrGSI45TOuU0yqU1evEmP3FY0DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f791ff44930a-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 | 142.250.74.100 | 200 OK | 482 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
IP / ASN: 142.250.74.100 #15169 GOOGLE
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced; First Seen: 2024-08-19; Last Seen: 2024-08-19; Times Seen: 1; Size: 482 B (482 bytes)
MD5: aa19bda155a232930906f139a0c65e45
SHA1: 1201540a0663be268d847e7d25d66c0ec4f3984b
SHA256: 2ee4cd143dccf05edde0710a1bf4f84d000bfd6f98ebfecaf0db68598f5f0109
Certificate Info: Issuer: Google Trust Services; Subject: *.gstatic.com; Fingerprint: F2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14; Validity: Tue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://funsmarttoys.com/wp-content/uploads/2018/09/ms-icon-310x310-66x66.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 482
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 15 Aug 2024 16:43:45 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Jun 2019 06:20:41 GMT
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET mail.williamsstore.com/webmail/ | 204.9.77.40 | 200 OK | 0 B |
URL: mail.williamsstore.com/webmail/
IP / ASN: 204.9.77.40 #6461 ZAYO-6461
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info: File type: N/A; First Seen: 0001-01-01; Last Seen: 2025-08-02; Times Seen: 5606766; Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info: Issuer: Let's Encrypt; Subject: mail.williamsstore.com; Fingerprint: A4:03:DB:F8:D0:F9:B8:65:04:C5:B9:22:37:C4:AE:01:B5:53:0E:F3; Validity: Sun, 14 Jul 2024 07:21:16 GMT - Sat, 12 Oct 2024 07:21:15 GMT
GET /webmail/ HTTP/1.1
Host: mail.williamsstore.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: close
Server: IceWarp/14.1.0.9 x64
Date: Thu, 08 Aug 2024 16:43:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains;
X-UA-Compatible: IE=edge
Content-Security-Policy: frame-ancestors 'self' *.icewarp.com
Content-type: text/html; charset=UTF-8
|
|
| GET crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= | 188.114.97.1 | 200 OK | 1.2 kB |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Resource Info: File type: HTML document, ASCII text, with very long lines (1345), with no line terminators; First Seen: 2024-07-31; Last Seen: 2024-08-19; Times Seen: 4; Size: 1.2 kB (1244 bytes)
MD5: c0f513a453ad6ed0268643797c367ec9
SHA1: 31ba1b4889b427d4bc06442e3e9255c98345d76a
SHA256: 9abc6e715bd9c752d38b7935b9c9cb37877ce721d153727cfbe5bcfc46409ac5
Certificate Info: Issuer: Google Trust Services; Subject: crjewellery.co.il; Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35; Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 08 Aug 2024 16:43:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kRinGFIK3BePxyu%2FH4ECDpET%2BEPGdnr0B2Wcv%2BQcFgLWZ9bZr1vx7kxm19jsTBAvWTbJ8noIBIkxABtAZAyiU4m8N0sAiR6%2BfInDF97TNhtWtAz7nk6urrtu%2FR8jsb2I2DxGgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f78f9c3d9986-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js | 188.114.97.1 | 200 OK | 25 kB |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=#
Resource Info: File type: ASCII text, with very long lines (14329), with CRLF line terminators; First Seen: 2024-02-29; Last Seen: 2025-08-01; Times Seen: 293; Size: 25 kB (24730 bytes)
MD5: a4279d8d402beb941895d3e9c18b738d
SHA1: 6cab01a778966e2d5d1d84659525339d5f70cb88
SHA256: e4f1f89acd4984a38721d43081ffb9b10323f1b2d37ae35c9c92eb69ae109d5d
Certificate Info: Issuer: Google Trust Services; Subject: crjewellery.co.il; Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35; Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wujdenx/cnpablo/edg/assets/js/index.js HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Aug 2024 16:43:44 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding,User-Agent
last-modified: Sun, 21 Jul 2024 22:19:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdV9sYlrz8l3nmuJO%2FbHo7QkNFLeOgeevSHNQEtzkkse%2F2sJOMgB%2BpVfYa6hyNkGsP5hXq7HYOmuly6WAN9cCxAdNWLp7p8zwocATxFStTDU8mPpDgLrYkP%2BltcxqzlLj94naA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f7958e68930a-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 | 142.250.74.100 | 200 OK | 482 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16
IP / ASN: 142.250.74.100 #15169 GOOGLE
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
First Seen: 2024-08-19
Last Seen: 2024-08-19
Times Seen: 1
Size: 482 B (482 bytes)
MD5: aa19bda155a232930906f139a0c65e45
SHA1: 1201540a0663be268d847e7d25d66c0ec4f3984b
SHA256: 2ee4cd143dccf05edde0710a1bf4f84d000bfd6f98ebfecaf0db68598f5f0109
Certificate Info
Issuer: Google Trust Services
Subject: *.gstatic.com
Fingerprint: F2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
Validity: Tue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://williamsstore.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://funsmarttoys.com/wp-content/uploads/2018/09/ms-icon-310x310-66x66.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 482
date: Thu, 08 Aug 2024 16:43:45 GMT
expires: Thu, 15 Aug 2024 16:43:45 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Jun 2019 06:20:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= | 188.114.97.1 | 301 Moved Permanently | 1.2 kB |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-02
Times Seen: 5606766
Size: 1.2 kB (1244 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: crjewellery.co.il
Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35
Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/wujdenx/cnpablo/edg?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 08 Aug 2024 16:43:43 GMT
content-type: text/html; charset=iso-8859-1
location: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NBjhM7SkYebhhoPFFkXbAWxUlcqUMpa2R4PFqf6X6YbsxGci4FZ0pG98GcMpJUk1GUoRCRXJSqqePxfUa1EMWvdYNAZSgJMkZjQw695SM3B%2FNzzPVM5b5eJnl6UhAJIgHKtaPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f78d58149986-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= | 188.114.97.1 | 200 OK | 1.2 kB |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info
File type: HTML document, ASCII text, with very long lines (1345), with no line terminators
First Seen: 2024-07-31
Last Seen: 2024-08-19
Times Seen: 4
Size: 1.2 kB (1244 bytes)
MD5: c0f513a453ad6ed0268643797c367ec9
SHA1: 31ba1b4889b427d4bc06442e3e9255c98345d76a
SHA256: 9abc6e715bd9c752d38b7935b9c9cb37877ce721d153727cfbe5bcfc46409ac5
Certificate Info
Issuer: Google Trust Services
Subject: crjewellery.co.il
Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35
Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20= HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Aug 2024 16:43:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M8PwpXhkSXX01sbgNb%2BqlpEipVohL6h0xh6acxrpfiXpbDUWEeZP9MmBAnRb2IcJR5vrOdP1mSRo6chb1ISo5rFUxFlIUKsLq8mlQ1yYdS7yMZrJfuy0zt7Jp71nXrNGJS2i%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f793db2f930a-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| POST crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php | 188.114.97.1 | 200 OK | 238 B |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php
IP / ASN: 188.114.97.1 #13335 CLOUDFLARENET
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Resource Info
File type: troff or preprocessor input, ASCII text, with no line terminators
First Seen: 2024-08-19
Last Seen: 2024-08-19
Times Seen: 1
Size: 238 B (238 bytes)
MD5: c23262f161e8af53eaac839e974787b7
SHA1: 873893cb7002586f30eda8a670ed70f2236179e1
SHA256: b2565d6a4c5f7f6c77d2aad553dd071afb1cc832798168622152a627ed7f5032
Certificate Info
Issuer: Google Trust Services
Subject: crjewellery.co.il
Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35
Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Content-Type: application/json
Content-Length: 56
Origin: https://crjewellery.co.il
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Aug 2024 16:43:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding,User-Agent
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fA3LR6%2BofZjaHbhJEMK%2B1s38sDqK80qqcYBjMOM40xigr4q7GV3Gf7OcgW8pDHjdcHcoBDaM5qnzXJnrTCuyFTtCXtKajg0OXCpKyEtCgO3Iql9LmjMuTYBVr5wSsX%2FpdNvpWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b00f793db47930a-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| POST crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php | 0.0.0.0 | | 0 B |
URL: crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php
IP / ASN: 0.0.0.0 #0
Requested by: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=#
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-02
Times Seen: 5606766
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: crjewellery.co.il
Fingerprint: 31:40:C3:31:06:8B:22:4E:28:69:AF:42:3B:42:AB:51:81:18:8B:35
Validity: Fri, 26 Jul 2024 01:20:19 GMT - Thu, 24 Oct 2024 01:20:18 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /wp-content/plugins/wujdenx/cnpablo/edg/assets/php/policy.php HTTP/1.1
Host: crjewellery.co.il
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crjewellery.co.il/wp-content/plugins/wujdenx/cnpablo/edg/?info=ZmxvcmVuY2VAd2lsbGlhbXNzdG9yZS5jb20=
Content-Type: application/json
Content-Length: 56
Origin: https://crjewellery.co.il
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|