Submitted URL: https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38idoZtHyL0McW-2Bf0yEW...
Effective URL: https://emaholdings.com/delivery-dispatch-confirmation/
Submission: On January 16 via manual from IN — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 107.155.82.34, located in Dallas, United States and belongs to HVC-AS, US. The main domain is emaholdings.com.
TLS certificate: Issued by R3 on January 11th 2023. Valid for: 3 months.
This is the only time emaholdings.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.122 11377 (SENDGRID)
8 107.155.82.34 29802 (HVC-AS)
2 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 2 23.37.57.200 16625 (AKAMAI-AS)
3 2606:4700::68... 13335 (CLOUDFLAR...)
14 5
Requests Apex Domain Subdomains Transfer
8 emaholdings.com emaholdings.com 2 MB
3 ondigitalocean.app phishercentral-iwk5k.ondigitalocean.app 354 B
2 express.dhl mydhl.express.dhl (Cisco Umbrella Rank: 35706) 5 KB
2 fontawesome.com use.fontawesome.com (Cisco Umbrella Rank: 846) 86 KB
1 sendgrid.net u31768930.ct.sendgrid.net 258 B
14 5
Domain Requested by
8 emaholdings.com emaholdings.com
3 phishercentral-iwk5k.ondigitalocean.app emaholdings.com
2 mydhl.express.dhl 1 redirects emaholdings.com
2 use.fontawesome.com emaholdings.com
use.fontawesome.com
1 u31768930.ct.sendgrid.net 1 redirects
14 5

This site contains no links.

Subject Issuer Validity Valid
emaholdings.com R3 2023-01-11 - 2023-04-11 3 months crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2022-06-06 - 2023-06-05 a year crt.sh
ondigitalocean.app Cloudflare Inc ECC CA-3 2022-10-18 - 2023-10-17 a year crt.sh

This page contains 1 frame:

Primary Page: https://emaholdings.com/delivery-dispatch-confirmation/
Frame ID: 135083D086E15E699DB968594A5CFB26
Requests: 15 HTTP requests in this frame

Page Title

DHL

Page URL History

  1. https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38... HTTP 302
    https://emaholdings.com/delivery-dispatch-confirmation/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 40 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 1974 kB
Size: 2012 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38idoZtHyL0McW-2Bf0yEWqkVhnUiRFDZ-2B13Y2-2Bi7vsKZWya69-2Bk-3DU3UJ_g-2BzvdYitVX9I9KoDXjcOMyZ6pxXuv-2BauMKjVGEEHGpkSqlKgirGIC2NoHhuL3hGLoSB246BpuJjpFvgPrCtUFlQdhoMje726egFxCFm-2Flzos0zYvEmZXYFTa4oeYvfPFAEu8Ad0oK0yn5kbSjLjK9C32EWbiMQ4OUItvl6PLfpbYeB05qP-2FaNMi8HWwlKDK-2Bhi1IgxerfStS-2FkdvESNK4Eo-2FEKD3h5v8AX3ieUKUdCaT2jQAStGTsuWpe3V4rIFUAnS80Frb9jRQvFb-2BQoICD0XByog1asSvjt7cuICWpKV7KMaO2xuS2nGmI9ODgqKg1j9io-2BCdib59bLoichEq8pgpX5isrwmN0nKVBKs03QpcQCABNqrpqSFB4foyYpCAi-2FzypYlB6M-2BXgouxm2OhN9LyTJNt2pGTutngzf-2B1aSlHPZH9URWOmnP6sIlP5iaMoSf-2Bszjd-2FB6wsfEU6iudBmLI07Q0gxppp26esKPmFtuACCx8okN-2Fe7yFmnFQhG3CtfUzePjE5whigAjqCjufsjT9CKSAdFBciIebgoo0bGWjDZvW16rOuwoxv-2BBu5-2Fyk4hBlVY7gmJo1EyZRW-2BKIEEJOSbc84JOfmIGNGXIU7wU0qdwnePYj6hpsrfu4PbYF-2Bx7Q7-2BhgBHF-2FV7ashzYBtRUeayWZRtb51oKH5l28DV7eBEVNVAWa3LQg1KFIbh7hZ2lQ2cavUboN1cahw-2BX0xRrZF3DX3v-2B44WV-2BoMPV6qYp-2F30MA85Ab0yGNsua5yABOy0fXBREGhVNd6sGBeNVHLIZtDI4jlszHOv-2BQ-2B7tNblsLrmtFrtz88PA4jJIXh1xV04ert4qAN-2FvpbizDIIBhr0UQ15ZFQC-2F6XmxJPzCej8mRLN4W1vNBOsv9GhtG6YQ HTTP 302
    https://emaholdings.com/delivery-dispatch-confirmation/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png HTTP 302
  • https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png

14 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
emaholdings.com/delivery-dispatch-confirmation/
Redirect Chain
  • https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38idoZtHyL0McW-2Bf0yEWqkVhnUiRFDZ-2B13Y2-2Bi7vsKZWya69-2Bk-3DU3UJ_g-2BzvdYitVX9I9KoDXjcOM...
  • https://emaholdings.com/delivery-dispatch-confirmation/
4 KB
4 KB
Document
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
6abc5a5681842efd192c91c13eef81434564521c2131e66a106c0d8d361a10d1
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
3916
Content-Type
text/html
Date
Mon, 16 Jan 2023 12:15:05 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Strict-Transport-Security
max-age=300; includeSubDomains; preload

Redirect headers

Connection
keep-alive
Content-Length
78
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Jan 2023 12:15:02 GMT
Location
https://emaholdings.com/delivery-dispatch-confirmation/
Server
nginx
X-Robots-Tag
noindex, nofollow
all.css
use.fontawesome.com/releases/v5.8.1/css/
54 KB
13 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

Referer
https://emaholdings.com/
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 12:15:05 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
JV8FMYCYFAF66PMS
age
10576
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
SpJKvTVPT+idUY1paJxb7V68QbNj/HzkrvNrvskk3NMTyOmDM12ogtk+l8LRO6iAM0sDaRKGPEX4Ldd8t0pptbsJxqcIF6aG5cZmJbbE/98=
last-modified
Wed, 30 Jun 2021 15:46:39 GMT
server
cloudflare
etag
W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgJzCF0zzyofJq1g4TdrvLpmWnQKzgG7fAzzTce6Vi25POtnKE4J4DDfhOvRAVN91KW4dfR4hmDJwEthOvkrwalkUbCA31ZlMSP2ZleQlp3S%2BSyCewny4Li6B1oHxS8fqlxkKNI0%2F16TCD496rEWXCGC"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
78a6c64bcd3d68f8-FRA
index.b705563f.js
emaholdings.com/delivery-dispatch-confirmation/assets/
1 MB
1 MB
Script
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/index.b705563f.js
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
0e7b7e3c48b7c2f04b0c8721be7ad8ea34ad9564362cf4a4ba1bc464cf30832a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

Referer
https://emaholdings.com/delivery-dispatch-confirmation/
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:05 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1390174
index.ff2f4dc2.css
emaholdings.com/delivery-dispatch-confirmation/assets/
219 KB
220 KB
Stylesheet
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/index.ff2f4dc2.css
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
ff2f4dc2d0ca0771696328a219d12a6c76cc2cadd6dbcaffa768052a09158fc8
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://emaholdings.com/delivery-dispatch-confirmation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:05 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
224693
Processing.28c1f0e7.js
emaholdings.com/delivery-dispatch-confirmation/assets/
17 KB
18 KB
Script
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/Processing.28c1f0e7.js
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/index.b705563f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
424ec2029a0e1dd7de25814fe01fb955b4f3b7b5e6b4487bea4e4665167c9b1b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

Referer
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:06 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
17610
rpc.9238ff78.js
emaholdings.com/delivery-dispatch-confirmation/assets/
20 KB
21 KB
Script
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/rpc.9238ff78.js
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/index.b705563f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
0698d34cd612df9472c48afdc6db3828259dbfc3f016089cd82aff2fe0ec522b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

Referer
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:06 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
20716
logo.aa0b1eff.svg
emaholdings.com/delivery-dispatch-confirmation/assets/
1 KB
2 KB
Image
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/logo.aa0b1eff.svg
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
aa0b1eff66ef88df1c7b74ed9bf288e10b1bc3eb8822b92d10d69a84ed6b7a9e
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://emaholdings.com/delivery-dispatch-confirmation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:06 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1332
1625790534535.png
mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/
Redirect Chain
  • https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
  • https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
4 KB
4 KB
Image
General
Full URL
https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/
Protocol
H2
Server
23.37.57.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-200.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://emaholdings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
strict-transport-security
max-age=31536000 ; includeSubDomains
date
Mon, 16 Jan 2023 12:15:06 GMT
last-modified
Sat, 14 Jan 2023 01:08:16 GMT
server
nginx
x-akamai-tls
tls1.2
etag
W/"f26-5f22efc22f7e6"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=10800, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
3878
expires
Sat, 14 Jan 2023 04:08:16 GMT

Redirect headers

dc-name
CBJ
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
strict-transport-security
max-age=31536000 ; includeSubDomains
date
Mon, 16 Jan 2023 12:15:06 GMT
x-akamai-tls
tls1.2
server
nginx
content-type
text/html
location
https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
138
authorize
phishercentral-iwk5k.ondigitalocean.app/api/
0
0
Preflight
General
Full URL
https://phishercentral-iwk5k.ondigitalocean.app/api/authorize
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://emaholdings.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
private
cf-cache-status
DYNAMIC
cf-ray
78a6c653dfa9927f-FRA
date
Mon, 16 Jan 2023 12:15:06 GMT
server
cloudflare
vary
Access-Control-Request-Headers
x-do-app-origin
6999346e-d02c-4687-8131-88eb158cb15e
x-do-orig-status
204
x-powered-by
Express
authorize
phishercentral-iwk5k.ondigitalocean.app/api/
17 B
138 B
XHR
General
Full URL
https://phishercentral-iwk5k.ondigitalocean.app/api/authorize
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/rpc.9238ff78.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d86df284a64828cfa71fea050c3f3aaa00ccdaf13e071e1263c024268ec43872

Request headers

Accept
application/json, text/plain, */*
Referer
https://emaholdings.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 16 Jan 2023 12:15:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-do-app-origin
6999346e-d02c-4687-8131-88eb158cb15e
x-do-orig-status
200
x-powered-by
Express
etag
W/"11-PCh8S7PN2iF9/4VRmOcMW4yWzy0"
vary
X-HTTP-Method-Override, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
cf-ray
78a6c654282a927f-FRA
content-length
17
geolocate
phishercentral-iwk5k.ondigitalocean.app/api/
91 B
216 B
XHR
General
Full URL
https://phishercentral-iwk5k.ondigitalocean.app/api/geolocate
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/rpc.9238ff78.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d7765e0eb038320c6a7592e0ecf2ba09a045500bd101100166f2ace45abe4901

Request headers

Accept
application/json, text/plain, */*
Referer
https://emaholdings.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 12:15:06 GMT
content-encoding
br
cf-cache-status
MISS
server
cloudflare
x-do-app-origin
6999346e-d02c-4687-8131-88eb158cb15e
x-do-orig-status
200
x-powered-by
Express
etag
W/"5b-gOTNL0nt6A3rkTgpd2o7Ir90cWE"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
cf-ray
78a6c653dfaa927f-FRA
Home.ff60c209.js
emaholdings.com/delivery-dispatch-confirmation/assets/
148 KB
149 KB
Script
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/Home.ff60c209.js
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/index.b705563f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
a1e2852cf88f5228a63c614de1422f563e81bfe84da680f7bea48abbced3af59
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

Referer
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:07 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
151990
Home.5fd6cff1.css
emaholdings.com/delivery-dispatch-confirmation/assets/
114 KB
114 KB
Stylesheet
General
Full URL
https://emaholdings.com/delivery-dispatch-confirmation/assets/Home.5fd6cff1.css
Requested by
Host: emaholdings.com
URL: https://emaholdings.com/delivery-dispatch-confirmation/assets/index.b705563f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.155.82.34 Dallas, United States, ASN29802 (HVC-AS, US),
Reverse DNS
107-155-82-34.static.hvvc.us
Software
Apache /
Resource Hash
5fd6cff19275745b667a5ab49a3aececc76b54dae7ffef0c42a36d27465db8dc
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://emaholdings.com/delivery-dispatch-confirmation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 12:15:07 GMT
Strict-Transport-Security
max-age=300; includeSubDomains; preload
Last-Modified
Thu, 12 Jan 2023 12:51:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
116622
truncated
/
134 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93ee19994358156fbbe3bcbb748f51b8d5bd6199ff589f8955eaacfa59d5cb2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
281ce65e5d6edfb50c5d20ffe9618cf62dc7496cbc44c67197317a6e2d77d624

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
fa-solid-900.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/
73 KB
73 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

Request headers

Referer
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Origin
https://emaholdings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 12:15:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
19NDSC99RWBHN58D
age
2172
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
74256
x-amz-id-2
Z4z8T87yGQu9tYqvVcZPiATF/85W5wwwty/a6mMDg9fSZ2QOBm0OclCppe81AVmqjITd4l6GD7A=
last-modified
Wed, 30 Jun 2021 15:47:00 GMT
server
cloudflare
etag
"418dad87601f9c8abd0e5798c0dc1feb"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JaoBG%2FHroO7q1T2j4lSGjqTcgd9dVvB2Lzmg%2F435D8LUalI9w5ULIzDpZXwVNcC3DnukLtF5EkuhIrEMmWk5d%2FvJq20SIq8tFDHRmBb%2F%2BfyC2LTiDvkxfgqnfFLlK8Tr5IF%2Ft0Iby3%2B9SpnYOHw3Txqu"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
78a6c65b2f7768f8-FRA

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontentvisibilityautostatechange
object | FontAwesomeConfig
object | ___FONT_AWESOME___

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=300; includeSubDomains; preload