Overview

URLgame.hicage.com/aramex-ch-com/aramex/ar/index.php
IP 118.27.125.213 (Japan)
ASN#7506 GMO Internet,Inc
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-09-21 20:17:38 UTC
StatusLoading report..
IDS alerts0
Blocklist alert9
urlquery alerts No alerts detected
Tags None

Domain Summary (10)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-21 04:20:37 UTC 34.117.237.239
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-21 15:45:34 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-21 14:38:57 UTC 34.120.237.76
ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-21 04:20:12 UTC 142.250.74.3
fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-21 04:18:17 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-21 16:01:18 UTC 143.204.55.35
r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-21 04:18:22 UTC 23.36.77.32
game.hicage.com (11) 0 2019-12-12 04:02:18 UTC 2022-09-21 14:26:46 UTC 118.27.125.213 Unknown ranking
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-21 04:18:32 UTC 143.204.55.35
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-21 04:20:37 UTC 35.81.125.88

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/index.php Aramex

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/js/modernizr.min.js Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/js/jquery.js Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/js/jquery.ccvalid.js Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/js/jquery.mask.js Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/img/aramex-logo.svg Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/index.php Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/js/vendors.js Phishing
2022-09-21 2 game.hicage.com/aramex-ch-com/aramex/ar/files/img/ar.ico Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 118.27.125.213
Date UQ / IDS / BL URL IP
2023-01-20 08:25:33 +0000 2 - 0 - 7 game.hicage.com/aramex-ch-com/aramex/ar/picku (...) 118.27.125.213
2023-01-17 09:32:29 +0000 0 - 1 - 0 nanbyo.jp/syukai-2/ 118.27.125.213
2022-11-25 15:33:38 +0000 0 - 0 - 1 sirop.jp/ 118.27.125.213
2022-10-06 10:10:17 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213
2022-09-21 20:17:38 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213


Last 5 reports on ASN: GMO Internet,Inc
Date UQ / IDS / BL URL IP
2023-01-28 09:35:48 +0000 0 - 3 - 0 lbsjapon.biz/ 157.7.107.67
2023-01-28 09:35:07 +0000 0 - 3 - 0 xn--1lqt7w0xb2ri17bk4az12n3gs.com/task/py/bmi.exe 157.7.156.160
2023-01-28 09:15:53 +0000 0 - 0 - 1 studioadig.com/papu/microsoft_excel_2020/sour (...) 150.95.255.38
2023-01-28 03:32:18 +0000 8 - 0 - 2 www.binaryranking.net/dhl/GlobalSources/ 118.27.125.202
2023-01-28 02:36:56 +0000 0 - 1 - 0 www.nurisen.jp/ 157.7.44.223


Last 5 reports on domain: hicage.com
Date UQ / IDS / BL URL IP
2023-01-20 08:25:33 +0000 2 - 0 - 7 game.hicage.com/aramex-ch-com/aramex/ar/picku (...) 118.27.125.213
2022-10-06 10:10:17 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213
2022-09-21 20:17:38 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213
2022-09-07 22:28:03 +0000 0 - 0 - 7 game.hicage.com/aramex-ch-com/aramex/ar/picku (...) 118.27.125.213
2022-09-05 16:45:04 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213


Last 3 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-06 10:10:17 +0000 0 - 0 - 9 game.hicage.com/aramex-ch-com/aramex/ar/index.php 118.27.125.213
2022-09-04 12:06:06 +0000 0 - 0 - 9 mixup201104.com/aramex-confirmation.com.a/ara (...) 157.7.107.176
2022-09-13 08:09:50 +0000 0 - 0 - 8 crm.uof.ac.ae/aramex/aramex/ar/index.php 216.137.184.7

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (31)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 20:13:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O_zkQPvH7G5LeYvdL0Bgm8PXkC9aYN0yV-TQXC6gqc8lN46sQTkYmA==
Age: 224


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    804f8bbb7f556d51a5f52d5ebd5b6eef
Sha1:   922cd7e06df278615a04abb81d811d14596c8180
Sha256: ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4462
Expires: Wed, 21 Sep 2022 21:31:49 GMT
Date: Wed, 21 Sep 2022 20:17:27 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -GJmudIASUF_SbXsRhjj7EXn8ez6Y74Ok3dcuXtqrMMtocv6vJKqQg==
age: 56534
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 20:17:27 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 20:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 20:55:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XHMigHVKnwEtaD5mMBDoLHVhklJCfrVAkFrzi_b1SxIABYJN94dF2A==
Age: 845


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C271C0440BC77A1D915456F27BAD6226C712EDAEB01BD0A2B1F514CAB5FEEA33"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21572
Expires: Thu, 22 Sep 2022 02:16:59 GMT
Date: Wed, 21 Sep 2022 20:17:27 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5390
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 20:17:27 GMT
Last-Modified: Wed, 21 Sep 2022 18:47:37 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8+u6jFQtY/MRer5aGi5Q0g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.81.125.88
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tGPjbGcHzrfJsqS18Rq8sDJa0qA=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2596
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 20:17:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2596
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 20:17:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2596
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 20:17:29 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gLh2EBTPdXvFtZuYKH1NVZebvnz4Rhs-f_rZPtfJpIWNemEk0upeOQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:07:08 GMT
age: 79821
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11832
Md5:    2ed7323b395e757f7766ea0045efdaca
Sha1:   8b91bc3069a3217bc719c27959d578b353b5d9dc
Sha256: 8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:14:57 GMT
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
age: 79352
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9201
Md5:    a692964324dbb9c460a1b855808d02e6
Sha1:   1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
Sha256: 3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc349860f-d61d-42ea-8638-7ebcefe23e00.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12545
x-amzn-requestid: 6720348a-0245-486b-a978-2df18eb4bd43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yl7YKHayIAMFo1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6325729a-2601f775219651777cba839c;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 07:09:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NdQpOGtyA7AxpmkvFf3K3IrkgSku9QQzQ4BvpoRfTv16Kj1Gr6n7oA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:34:13 GMT
age: 45796
etag: "9b17ad091f936a8dd50126ce9ad5f9a7fd7d55f8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12545
Md5:    1976af26c5d4a671c8298bffafc90ce3
Sha1:   9b17ad091f936a8dd50126ce9ad5f9a7fd7d55f8
Sha256: 2349b9e1233d43cf8d0ff273f8bf6147dda00314fd631a81cb278ce0b8e32684
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6667
x-amzn-requestid: 1798057c-208d-471e-8d5c-602631418afd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1nHvsoAMF23A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-121c21f710767cde77a06945;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vdjC0dj8L5qN-SdmlBD_TD0T0hdFtWzmnC9_AdJVP5qTi9dWz6_K9g==
via: 1.1 e71753cf85369390852fdcb22bf59aa8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:40:13 GMT
age: 81436
etag: "65886e11d9f792452cceea23444722ff4028b081"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6667
Md5:    9c4ba493d60a12accc1dc9c3299fa01d
Sha1:   65886e11d9f792452cceea23444722ff4028b081
Sha256: b287b0bf2b3dc834a657dc98a9eef006577554306fa481bbc9de5a16943129f1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 19:20:13 GMT
age: 3436
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10244
Md5:    14e6ddceb639a5f4875aecb796f95c79
Sha1:   b1cd04a66852694284eeef16a1cde38896e33c03
Sha256: 4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6be1360-d048-4319-9cac-dfebe92db87f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9271
x-amzn-requestid: b8139dfc-8f24-41e0-9948-56bad215416c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yx0Q-EkZoAMF_sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a3406-4365026f7f832cee0c12e4d7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:43:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhTzqhSMCDgWwTSsmfM_3jBwV-g0fVABMLy-gwrjoxaoE4VomNqahg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:38:46 GMT
age: 77923
etag: "4183102af1963e1edb3aa572c43aeda7d855e9f5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9271
Md5:    267173c6b4e4e6ae4a84dc08df92f82f
Sha1:   4183102af1963e1edb3aa572c43aeda7d855e9f5
Sha256: 20487bb2e59f2e6afcaaac3e3c4f1dfec9a8ef761403a44f7f92a6b57d143714
                                        
                                            GET /aramex-ch-com/aramex/ar/pickup.php?info=Global& HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 20:17:32 GMT
content-length: 26973
server: Apache
x-powered-by: PHP/7.1.33
vary: Range,Accept-Encoding
accept-ranges: none
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (14750)
Size:   26973
Md5:    26187a2917b3a8fa6ad58474cbc7129c
Sha1:   8e545550ccfd8707ed6cbc171960c5bd278e684d
Sha256: 53a2229f9cf3ea60ee4cf0351d354b1ead1b2165655a2ec80342810af406d4e2
                                        
                                            GET /aramex-ch-com/aramex/ar/files/js/modernizr.min.js HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
content-length: 1788
server: Apache
last-modified: Tue, 27 Oct 2020 19:56:30 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (3807), with no line terminators
Size:   1788
Md5:    aee093ddb1cc21a44d2c75dd2fa5b278
Sha1:   f9f2b3d3544b6991bc60e4bf882bf214f58e9c1d
Sha256: d9ea7b73f9c0bcac680cb64b1f234e75453983a407825a6213330cea8b89d6a7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/js/jquery.js HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
content-length: 30248
server: Apache
last-modified: Sun, 06 May 2018 01:07:02 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30248
Md5:    863a1ad55c010457822334c94889c6db
Sha1:   393769fda37eb9f5394bcbc50180cf11f1c6537f
Sha256: 5ea43fe3744481e74f9b5bb243bbc718c66cd15264590473016be8c73035deae

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/js/jquery.ccvalid.js HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
content-length: 1912
server: Apache
last-modified: Sun, 06 May 2018 01:05:52 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1912
Md5:    e7154602fbef27a9d416b1711cf9849d
Sha1:   3a35474195add5e93c102b5ae2e6c1c7e434c972
Sha256: 131c7ec52ccf9733edf5a7a3c7a2101ecc73e2a3f6a2cc6461d49f8ae407cab1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/js/jquery.mask.js HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
content-length: 4948
server: Apache
last-modified: Sat, 30 Jan 2016 22:57:28 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4948
Md5:    72561daefcabe07fcd6e4a000ce2b1f9
Sha1:   29f4b8a00c67c6d29e8beb9cbe1fcc040bfc4bf5
Sha256: 3a19e4fd29ca6cd5ba35dd0f38915107a432a326280051d32ca2b16af7d668b7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/img/aramex-logo.svg HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
content-length: 2271
server: Apache
last-modified: Sat, 26 Dec 2020 13:56:34 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   2271
Md5:    dd25558ab621ee9ab36eb6c303c29eef
Sha1:   ce091b5d5112fbb3cdf514e4de4d1728417dbb10
Sha256: aa13167dcadff8442230bf3ca6f287a4a997929833e0c3d6d35ec009491b5b1b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/index.php HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         118.27.125.213
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 20:17:31 GMT
location: pickup.php?info=Global&
server: Apache
x-powered-by: PHP/7.1.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj; path=/
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   40606
Md5:    cf25e97e7e547dec6931ac0453475c66
Sha1:   91b08ff9cd223bf82c8cc82e308b60e42a84b0b1
Sha256: ee48cf822fcc1d6c94173173597537237b2df81ddcae272c8275208077ce10df

Alerts:
  Blocklists:
    - openphish: Aramex
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/css/project.css HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
server: Apache
last-modified: Mon, 08 Feb 2021 16:38:38 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   190874
Md5:    bbca12c40ba007af240856a693c30718
Sha1:   36f13860547a5773e665bbaa2458933b0973f60b
Sha256: 1de1897762ae5cf5ffa74babe7809daf99aeb8b8d3bae2fd7a6b14dc69cce736
                                        
                                            GET /aramex-ch-com/aramex/ar/files/js/vendors.js HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 20:17:33 GMT
server: Apache
last-modified: Sat, 26 Dec 2020 13:56:34 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   102010
Md5:    d0243adb764a9e3a978adb6275f4cb79
Sha1:   209a4ec315659bca02d8199e5b0bc24a232c7225
Sha256: ab9d2d07b44ec62112602775c26c1f77bd858a21005b5e1b016d152fd6d5fd16

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 20:17:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://game.hicage.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 08:31:01 GMT
expires: Wed, 20 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 128793
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 20:17:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /aramex-ch-com/aramex/ar/files/img/ar.ico HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
                                        
date: Wed, 21 Sep 2022 20:17:34 GMT
content-length: 3197
server: Apache
last-modified: Thu, 04 Mar 2021 13:43:44 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, -31x-31, 8 bits/pixel\012- data
Size:   3197
Md5:    c428433ea5d4d13ed8e339809d7869cc
Sha1:   10590794a43168e9cc9b5b2c8e4e64aa8fec94fe
Sha256: 84862b6c133ef95d5663b68026ec497e05fe4817b6d76e23bf78cbaa59bbcb37

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /aramex-ch-com/aramex/ar/files/img/rolling.png HTTP/1.1 
Host: game.hicage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://game.hicage.com/aramex-ch-com/aramex/ar/pickup.php?info=Global&
Cookie: PHPSESSID=baei6ed5h7ddg8ckk8aeunn9jj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         118.27.125.213
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 20:17:34 GMT
server: Apache
last-modified: Thu, 04 Mar 2021 14:58:42 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---