Report - thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom

Report Overview

Submitted URL
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom
IP
198.54.116.100
ASN
#22612 NAMECHEAP-NET
Submitted
2024-05-07 12:25:38
Access
public
Website Title
Norway - Track Shipment
Final URL
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Tags
suspicious
urlquery detections
Suspicious - Anti-debugging code

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-07	828 B	112 kB	151.101.2.137
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-07	437 B	31 kB	142.250.74.138
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	454 B	1.6 kB	142.250.74.106
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-05-06	458 B	146 kB	104.18.11.207
thetimehascome2024.xyz	unknown	2024-02-12	2024-02-12	2024-02-12	3.1 kB	318 kB	198.54.116.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/	198 B	2023-03-10	2024-05-18
Pretty URL thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/ IP 198.54.116.100 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:01:22 Last Seen2024-05-18 19:14:01 Times Seen36 Hash 29ee0f8f9120f3c2513b3a933f2fd86a d1469f5833ed536eea8dd01ca6a3c86c9b776bc3 cbd1c8b34bb0a585c3e01e5e60818c9eb3ff514b0a2db59d8d3549d27660a5ef Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 16:33:02 Times Seen394443 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	code.jquery.com/jquery-3.1.1.min.js	87 kB	2023-03-07	2024-05-19
Pretty URL code.jquery.com/jquery-3.1.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-19 12:02:01 Times Seen269793 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	code.jquery.com/jquery-3.3.1.js	272 kB	2023-03-07	2024-05-19
Pretty URL code.jquery.com/jquery-3.3.1.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-19 16:27:57 Times Seen60702 Hash 6a07da9fae934baf3f749e876bbfdd96 46a436eba01c79acdb225757ed80bf54bad6416b d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad Loading...

	thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/	4.1 kB	2023-03-10	2024-05-07
Pretty URL thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/ IP 198.54.116.100 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:01:22 Last Seen2024-05-07 14:25:39 Times Seen18 Hash 286e2994b1092cf69dbd648cf58bf9ab 8dbd86597d85beb1f6b91e45424c731130b14114 84d955d6e04bcbb63e9969431b1ba47a4d8fe14a5f6fd2754165f0c891b2fdac Loading...

HTTP Transactions (11)

URL IP Response Size

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom

198.54.116.100

301 Moved Permanently

795 B

URL User Request GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
795 B (795 bytes)
Hash
5d8d79c3cb9af023240b1be6f5057aaa
df22980677b134e83d878893f7c7984e0d78a240
e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 795
date: Tue, 07 May 2024 12:25:07 GMT
server: LiteSpeed
location: https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.1.1.min.js

151.101.2.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.1.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32030)
Size
30 kB (30070 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 12:25:09 GMT
age: 20284110
x-served-by: cache-lga21947-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 2978
x-timer: S1715084709.105443,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.js

151.101.2.137

200 OK

80 kB

URL GET HTTP/2
code.jquery.com/jquery-3.3.1.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
80 kB (80268 bytes)
Hash
6a07da9fae934baf3f749e876bbfdd96
46a436eba01c79acdb225757ed80bf54bad6416b
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

HTTP Headers

GET /jquery-3.3.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-42587"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 12:25:09 GMT
age: 20284058
x-served-by: cache-lga21980-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 99, 610
x-timer: S1715084709.106248,VS0,VE0
vary: Accept-Encoding
content-length: 80268
X-Firefox-Spdy: h2

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/banner.png

198.54.116.100

200 OK

2.0 kB

URL GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/banner.png
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom/assets/banner.png HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 14 May 2024 12:25:09 GMT
content-type: image/png
last-modified: Sun, 31 Oct 2021 21:45:50 GMT
etag: "7ce-617f0e8e-0;;;"
accept-ranges: bytes
content-length: 1998
date: Tue, 07 May 2024 12:25:09 GMT
server: LiteSpeed
x-robots-tag: noindex, nofollow
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/logo.svg

198.54.116.100

200 OK

648 B

URL GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/logo.svg
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
648 B (648 bytes)
Hash
3fecc9db35d5d2a9e6e71ab4b02d22e5
628ba2f505b480097445aaf08649a08242bd6847
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom/assets/logo.svg HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 14 May 2024 12:25:09 GMT
content-type: image/svg+xml
last-modified: Sun, 31 Oct 2021 21:47:04 GMT
etag: "643-617f0ed8-0;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 648
date: Tue, 07 May 2024 12:25:09 GMT
server: LiteSpeed
x-robots-tag: noindex, nofollow
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:47 GMT
expires: Fri, 02 May 2025 23:24:47 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 392422
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Archivo+Narrow&display=swap

142.250.74.106

200 OK

969 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
969 B (969 bytes)
Hash
6c639d1c0abfdd9b82b74227d814eb94
5619d4a9134fadc454a014eb54bb2dcf653fec32
bc272878b7dd7fe77d5d06156ffbd61a7e437b826062e4c0a9883129e884e35e

HTTP Headers

GET /css?family=Archivo+Narrow&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 12:25:09 GMT
date: Tue, 07 May 2024 12:25:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/favicon.ico

198.54.116.100

200 OK

1.2 kB

URL GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/favicon.ico
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom/assets/favicon.ico HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 14 May 2024 12:25:09 GMT
content-type: image/x-icon
last-modified: Sun, 31 Oct 2021 21:32:00 GMT
etag: "47e-617f0b50-0;;;"
accept-ranges: bytes
content-length: 1150
date: Tue, 07 May 2024 12:25:09 GMT
server: LiteSpeed
x-robots-tag: noindex, nofollow
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/background.jpg

198.54.116.100

200 OK

291 kB

URL GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/assets/background.jpg
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1063x709, components 3
Size
291 kB (291328 bytes)
Hash
0a3d668d56764fa444e586f0a5d039a0
79014b20ad1775376770932b89772866b482f6df
b7a0f7ee8323598d2c9a8b5a12b876d68bbcf149d021d5bd949bfa6f3b75d08b

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom/assets/background.jpg HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 14 May 2024 12:25:09 GMT
content-type: image/jpeg
last-modified: Sun, 31 Oct 2021 22:05:24 GMT
etag: "47200-617f1324-0;;;"
accept-ranges: bytes
content-length: 291328
date: Tue, 07 May 2024 12:25:09 GMT
server: LiteSpeed
x-robots-tag: noindex, nofollow
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/

198.54.116.100

200 OK

20 kB

URL User Request GET HTTP/2
thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
IP
198.54.116.100:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectthetimehascome2024.xyz
Fingerprint32:E4:31:CA:37:00:0F:30:CC:60:B5:3B:CF:27:44:12:CC:63:11:88
ValidityMon, 12 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (445), with CRLF line terminators
Size
20 kB (20380 bytes)
Hash
42cc1a4d41e6a1388d21d2bda81f4131
64aa8090f13e7ea55a9f6be4abd8e59a4795c874
effd56bc7e5b8ae80be3ae7c7e4b49305d820d491114622f19e4f755db18e494

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /02-2024/webmail/dhl/new/dhlcom/ HTTP/1.1
Host: thetimehascome2024.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.30
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
expires: Thu, 06 Jun 2024 12:25:08 GMT
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 12:25:08 GMT
server: LiteSpeed
x-robots-tag: noindex, nofollow
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.11.207

200 OK

145 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thetimehascome2024.xyz/02-2024/webmail/dhl/new/dhlcom/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (65325)
Size
145 kB (144877 bytes)
Hash
450fc463b8b1a349df717056fbb3e078
895125a4522a3b10ee7ada06ee6503587cbf95c5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thetimehascome2024.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:25:09 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 18:48:44
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6f2d14e9436097e66447b103aa0360de
cdn-cache: HIT
cf-cache-status: HIT
age: 582409
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 880130e76c6956c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2