Report - rnjit.com/amex/sar/clients/cc.php

Report Overview

Visited public
2023-12-06 17:10:14
Tags
aramex logistics phishing
URL
rnjit.com/amex/sar/clients/cc.php
Finishing URL
rnjit.com/amex/sar/clients/cc.php
IP / ASN
146.71.124.178
#53850 GORILLASERVERS
Title
Aramex
Phishing - Aramex

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-06 06:59:18	897 B	367 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-06 06:43:40	415 B	32 kB	151.101.2.137
rnjit.com	unknown	unknown	No data	No data	8.9 kB	127 kB	146.71.124.178
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-06 07:50:48	2.2 kB	197 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-06 07:08:39	470 B	95 kB	142.250.74.42
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-06 05:09:53	1.4 kB	56 kB	151.101.129.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	rnjit.com/amex/sar/assets/js/script.js	ScriptElement	154 B	2023-03-07	2025-02-19
Pretty URL rnjit.com/amex/sar/assets/js/script.js IP 146.71.124.178 ASN #53850 GORILLASERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-02-19 10:39 Times Seen579 Hash 6a88d53561e8acbb4afe27307d3d4fb9 f1922e8889b32f2c5af762bed4c596687ef28cbb 01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9 Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 06:35 Times Seen108918 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js	ScriptElement	84 kB	2023-03-07	2025-05-10
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 21:24 Times Seen6147 Hash 7f389f5d2622ce2090eca7c36bcb90bc ab27031159724e2421f6ff5c70f48e657abe9d39 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Loading...

	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js	ScriptElement	1.2 MB	2023-03-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-05-08 07:39 Times Seen847 Hash 5e1e1bd25a94741b7828800b758b88df c4198f8a39a892ba4dfd85b7a228e03b77e36a04 20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js	ScriptElement	8.5 kB	2023-03-07	2025-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 11:08 Times Seen876 Hash ae3f52c2166f5c09f5f3ceeda2c15f01 7d5b0613ee02bc0f39f546443f338c806634c5f6 6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37 Loading...

	cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js	ScriptElement	13 kB	2023-03-07	2025-02-19
Pretty URL cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-02-19 10:39 Times Seen89 Hash 3a064faa5d36d3c72328d35e572aaecc 473040b608b8f212e8fedd314e1855b038b38263 c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c Loading...

HTTP Transactions (28)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Wed, 06 Dec 2023 17:09:57 GMT
age: 22196308
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1626-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js

104.17.25.14

200 OK

362 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65350)
Size
362 kB (362308 bytes)
Hash
5e1e1bd25a94741b7828800b758b88df
c4198f8a39a892ba4dfd85b7a228e03b77e36a04
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 17:09:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 362308
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-123bd0"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1171386
expires: Mon, 25 Nov 2024 17:09:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0h69SYSEn57kHmforvca8pCm0uH98fZDI5DudXWa%2FBRzufe7oJ%2FjadQrL%2FOt0Z3ZCwtcRsutZ%2B2brU%2F8qYx4WnI%2BVNJA4Ng9jGKpSwm80lPQmLqFnrwfQF0bhbJbWXoCP4HYze20"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 831623b84d975688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js

151.101.129.229

200 OK

4.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (12586)
Size
4.4 kB (4392 bytes)
Hash
3a064faa5d36d3c72328d35e572aaecc
473040b608b8f212e8fedd314e1855b038b38263
c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c

HTTP Headers

GET /npm/jquery-simple-upload@1.1.0/simpleUpload.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.1.0
x-jsd-version-type: version
etag: W/"329c-RzBAtgi48hLo/t0xThhVsDizgmM"
content-encoding: br
accept-ranges: bytes
date: Wed, 06 Dec 2023 17:09:57 GMT
age: 2475255
x-served-by: cache-fra-etou8220035-FRA, cache-bma1626-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4392
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Dec 2023 17:09:57 GMT
age: 3427909
x-served-by: cache-lga13628-LGA, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 414978
x-timer: S1701882597.185272,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

104.17.25.14

200 OK

2.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (8392)
Size
2.4 kB (2420 bytes)
Hash
ae3f52c2166f5c09f5f3ceeda2c15f01
7d5b0613ee02bc0f39f546443f338c806634c5f6
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

HTTP Headers

GET /ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 17:09:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 2420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-210b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1173232
expires: Mon, 25 Nov 2024 17:09:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VtVvEjeRXnQQG%2FrXmf%2FKFYfdTvQAO8l1Esxi3Hgm6FKkgxE8vi7wvDhu%2BA1O26nAzfqKakUvDFuBLiE%2FG%2FVZOCa8ujrGd7xZaGABV8GUnKbCDGZ249%2BWVchrsyVAgbq9GsCY2ry"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 831623b85da65688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

23 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65299)
Size
23 kB (23383 bytes)
Hash
7f389f5d2622ce2090eca7c36bcb90bc
ab27031159724e2421f6ff5c70f48e657abe9d39
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
content-encoding: br
accept-ranges: bytes
date: Wed, 06 Dec 2023 17:09:57 GMT
age: 20024829
x-served-by: cache-fra-eddf8230067-FRA, cache-bma1626-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23383
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/css/style.css

146.71.124.178

200 OK

1.6 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/css/style.css
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
ASCII text, with very long lines (7289), with CRLF line terminators
Size
1.6 kB (1629 bytes)
Hash
f95c289a283a592e2d0fc1950b34c1f6
4d28f8212a5f3bfd83c1422b98c4419a9b6e3ecc
9a16ff329ed6f99367ec8e2a1c39dda00337d4db1e2c6ef07d522b38304026c2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/css/style.css HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: text/css
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1629
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/css/helpers.css

146.71.124.178

200 OK

2.8 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/css/helpers.css
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
ASCII text, with very long lines (41750), with CRLF line terminators
Size
2.8 kB (2761 bytes)
Hash
fd877f138d23d5a790645eb95167aec3
ee2f01ca01c5f7e6f674ad79a9fea30f78a66f2c
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/css/helpers.css HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: text/css
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2761
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/topmenu.png

146.71.124.178

200 OK

4.5 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/topmenu.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 554 x 22, 8-bit/color RGB, non-interlaced\012- data
Size
4.5 kB (4468 bytes)
Hash
3ef70a29009acd2c53025faf48fdb87f
dea281fdd8d0f1dd0b84ccc5bf9b37f5e6831ed2
8c3d3b6bfcc139819e992b2aadd3b66a38003d7a64a4817e4b252c12730d745e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/topmenu.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 4468
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/logo.svg

146.71.124.178

200 OK

2.2 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/logo.svg
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.2 kB (2157 bytes)
Hash
f484b593c2387746a054f521e313ec93
8448e96f9e03ed3a82de4ac698f1fe78e37ff638
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/logo.svg HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2157
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/mainmenu.png

146.71.124.178

200 OK

6.2 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/mainmenu.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 567 x 55, 8-bit/color RGB, non-interlaced\012- data
Size
6.2 kB (6241 bytes)
Hash
446925ebc565c88f3c939eeb9ef8ac69
d9d06c83a0cb24a01eeb1cd80b2a5c1d24fbb1f5
e68c19ff1d9a5a8afd8484c3f1cfb97cb69afd7f11078bc500d6f8e761f9f66f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/mainmenu.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 6241
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/mainmenu2.png

146.71.124.178

200 OK

1.3 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/mainmenu2.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 121 x 27, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1314 bytes)
Hash
e7f1e571847355ec1e022ab1823c447f
12e6454be808dfeb0625af7a88f1381bc4ebdb80
83ba66cd40ebbd3beb61d6e95dfefa745903e5eda8da8134cec74b57f981f498

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/mainmenu2.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 1314
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/mainmenu3.png

146.71.124.178

200 OK

555 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/mainmenu3.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 59 x 27, 8-bit/color RGB, non-interlaced\012- data
Size
555 B (555 bytes)
Hash
ecb62a581aa254b40678909053bf6605
5dba8a58bae8d2c57632308cc65ce7a16ed6375d
37b9f4c09ef8153cbcfe9e4e65df5eefba1fd1274d700af4e33370b4a2b7cbec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/mainmenu3.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 555
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/phone.png

146.71.124.178

200 OK

1.3 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/phone.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 34 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1321 bytes)
Hash
7964408e598865be67b2956fff074fee
97617244b54f4676a400ab2e4e2c5de3b612940b
2b86d8e4382ccf265ba1868a89cdc559e41468d9c501d56691e4b88bf90d2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/phone.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 1321
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/clients/cc.php

146.71.124.178

200 OK

2.5 kB

URL User Request GET HTTP/2
rnjit.com/amex/sar/clients/cc.php
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.5 kB (2484 bytes)
Hash
1da8dcb90828c2484e9649230f28454d
d28f6a74cd87a1a71ff01744ac2c8fbeb02aea4d
82f2640848b1d79bc75c27351befab43e34a53a5d379c278dac6910dea1fa963

HTTP Headers

GET /amex/sar/clients/cc.php HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.2.34
set-cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Wed, 06 Dec 2023 17:09:56 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/network.png

146.71.124.178

200 OK

1.6 kB

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/network.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
1.6 kB (1602 bytes)
Hash
c7c5c44612b5193951c42ead1f686cd4
eba3e12a93320c4751bdf8db1f01b2b9aaed6d98
2827052ff2f39ff8dc865661f7ed2a528636e3c10cbd39a819716214ffb0dfa7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/network.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 1602
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/a.png

146.71.124.178

200 OK

677 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/a.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
677 B (677 bytes)
Hash
9f6f7e9e5648010f14d43d89b8119767
a98ce94f89f151b331b7a7a244ed63ce99199e8b
f1e8231c6f3bf3a4cbfc92a5f8beaff846a3014c21fe8396ed212bb0d0244db9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/a.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 677
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/js/script.js

146.71.124.178

200 OK

154 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/js/script.js
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
6a88d53561e8acbb4afe27307d3d4fb9
f1922e8889b32f2c5af762bed4c596687ef28cbb
01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/js/script.js HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: application/javascript
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 154
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/search.png

146.71.124.178

200 OK

797 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/search.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 192 x 48, 8-bit/color RGB, non-interlaced\012- data
Size
797 B (797 bytes)
Hash
ed8818b1da63299fa85d652952749ca2
9b8a7e28d1f5b1289951a712a754dd719b463772
26672ffc5edf4c733fafc6988864f8ad7c85ecf1bb296ac493ce1928e15f682f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/search.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 797
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/b.png

146.71.124.178

200 OK

643 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/b.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
643 B (643 bytes)
Hash
0b26f7938650cb2a84556610eaf87937
f3cacc72714c070c36ae4326ec861116418c2915
58ead390cc509331a0ef667a2ed6df336c32af6d03f3c4342d84412f776188ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/b.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 643
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rnjit.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 148575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rnjit.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 148575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rnjit.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 148575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rnjit.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 148575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap

142.250.74.42

200 OK

95 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
95 kB (94645 bytes)
Hash
8bf6b58c21cfa997a4be602fd5f3aa5d
0959273aa951135ba2db3055063f4b8e6e7342a5
f43db2776b562b0152fd6e10edd92f59bae0943b1eee95486069644364a07f0f

HTTP Headers

GET /css2?family=Open+Sans:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 06 Dec 2023 17:09:57 GMT
date: Wed, 06 Dec 2023 17:09:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rnjit.com/amex/sar/assets/imgs/favicon.png

146.71.124.178

200 OK

718 B

URL GET HTTP/3
rnjit.com/amex/sar/assets/imgs/favicon.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Size
718 B (718 bytes)
Hash
2dc777904165e907c02ab1e8fa3c42d6
6b513d18501ba24de29260bed510d7d6afd78c95
5fa76f1ba64ba48d615506cbf91f9134a2b4c53914d30f9d79aca3244df528e3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/favicon.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 718
date: Wed, 06 Dec 2023 17:09:57 GMT

rnjit.com/amex/sar/assets/imgs/map.png

146.71.124.178

200 OK

94 kB

URL GET HTTP/3
rnjit.com/amex/sar/assets/imgs/map.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 1169 x 637, 8-bit grayscale, non-interlaced\012- data
Size
94 kB (93866 bytes)
Hash
38aaa3e2ec305c8ab2933bfcf0221be0
e0e3e79d9f9b51bea13bd81f5f712a4cf662a86b
e5d820987db3c395fa069e88ddaec100f7ad679ea9d425a9c0f24ad1a01d8bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/map.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/assets/css/style.css
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 93866
date: Wed, 06 Dec 2023 17:09:57 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

rnjit.com/amex/sar/assets/imgs/email.png

146.71.124.178

200 OK

424 B

URL GET HTTP/2
rnjit.com/amex/sar/assets/imgs/email.png
IP
146.71.124.178:443
ASN
#53850 GORILLASERVERS

Requested by
https://rnjit.com/amex/sar/clients/cc.php
Certificate
IssuerLet's Encrypt
Subject*.rnjit.com
Fingerprint3B:80:E0:40:2B:3E:1F:D9:27:13:E7:03:9D:04:C2:85:9B:A2:2C:86
ValidityFri, 10 Nov 2023 05:44:38 GMT - Thu, 08 Feb 2024 05:44:37 GMT

File type
PNG image data, 20 x 15, 8-bit/color RGB, non-interlaced\012- data
Size
424 B (424 bytes)
Hash
b2245712114ee87eeefa6de2438809cc
615c626ab84d3aecb1862540ddce141d8db4ef9b
559a944338db2f3adee6be15854629b7d9042928ab9034f48438385a4d70018a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /amex/sar/assets/imgs/email.png HTTP/1.1
Host: rnjit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rnjit.com/amex/sar/clients/cc.php
Cookie: PHPSESSID=053d171670d6310c034b786e87d58cf8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 17:09:57 GMT
content-type: image/png
last-modified: Wed, 07 Jul 2021 06:39:48 GMT
accept-ranges: bytes
content-length: 424
date: Wed, 06 Dec 2023 17:09:57 GMT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (28)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type