emaholdings.com
107.155.82.34
Malicious Activity!
Public Scan
Effective URL: https://emaholdings.com/delivery-dispatch-confirmation/
Submission: On January 16 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 11th 2023. Valid for: 3 months.
This is the only time emaholdings.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 1 | 167.89.123.122 | 11377 (SENDGRID) |
8 | 107.155.82.34 | 29802 (HVC-AS) |
2 | 2606:4700:e2::ac40:840f | 13335 (CLOUDFLARENET) |
1 2 | 23.37.57.200 | 16625 (AKAMAI-AS) |
3 | 2606:4700::6810:f34e | 13335 (CLOUDFLARENET) |
14 | 5 | |
ASN11377 (SENDGRID, US)
PTR: o16789123x122.outbound-mail.sendgrid.net
Domains: u31768930.ct.sendgrid.net
ASN29802 (HVC-AS, US)
PTR: 107-155-82-34.static.hvvc.us
Domains: emaholdings.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-37-57-200.deploy.static.akamaitechnologies.com
Domains: mydhl.express.dhl
ASN13335 (CLOUDFLARENET, US)
Domains: phishercentral-iwk5k.ondigitalocean.app
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | emaholdings.com | emaholdings.com | 2 MB |
3 | ondigitalocean.app | phishercentral-iwk5k.ondigitalocean.app | 354 B |
2 | express.dhl | mydhl.express.dhl (Cisco Umbrella Rank: 35706), 1 redirect | 5 KB |
2 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 846) | 86 KB |
1 | sendgrid.net | u31768930.ct.sendgrid.net, 1 redirect | 258 B |
14 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
8 | emaholdings.com | emaholdings.com |
3 | phishercentral-iwk5k.ondigitalocean.app | emaholdings.com |
2 | mydhl.express.dhl (1 redirect) | emaholdings.com |
2 | use.fontawesome.com | emaholdings.com, use.fontawesome.com |
1 | u31768930.ct.sendgrid.net | 1 redirect |
14 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
emaholdings.com | R3 | 2023-01-11 - 2023-04-11 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-06 - 2023-06-05 | a year | crt.sh |
ondigitalocean.app | Cloudflare Inc ECC CA-3 | 2022-10-18 - 2023-10-17 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://emaholdings.com/delivery-dispatch-confirmation/
Frame ID: 135083D086E15E699DB968594A5CFB26
Requests: 15 HTTP requests in this frame
Page Title: DHL
Page URL History
- https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38... (HTTP 302)
- https://emaholdings.com/delivery-dispatch-confirmation/ (Page URL)
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u31768930.ct.sendgrid.net/ls/click?upn=WN-2F48qtwpJ9C89w1HSa2-2Bzb5VxEDCUSj9urNH1fGsKWVvcnPMBt3y8k8K38idoZtHyL0McW-2Bf0yEWqkVhnUiRFDZ-2B13Y2-2Bi7vsKZWya69-2Bk-3DU3UJ_g-2BzvdYitVX9I9KoDXjcOMyZ6pxXuv-2BauMKjVGEEHGpkSqlKgirGIC2NoHhuL3hGLoSB246BpuJjpFvgPrCtUFlQdhoMje726egFxCFm-2Flzos0zYvEmZXYFTa4oeYvfPFAEu8Ad0oK0yn5kbSjLjK9C32EWbiMQ4OUItvl6PLfpbYeB05qP-2FaNMi8HWwlKDK-2Bhi1IgxerfStS-2FkdvESNK4Eo-2FEKD3h5v8AX3ieUKUdCaT2jQAStGTsuWpe3V4rIFUAnS80Frb9jRQvFb-2BQoICD0XByog1asSvjt7cuICWpKV7KMaO2xuS2nGmI9ODgqKg1j9io-2BCdib59bLoichEq8pgpX5isrwmN0nKVBKs03QpcQCABNqrpqSFB4foyYpCAi-2FzypYlB6M-2BXgouxm2OhN9LyTJNt2pGTutngzf-2B1aSlHPZH9URWOmnP6sIlP5iaMoSf-2Bszjd-2FB6wsfEU6iudBmLI07Q0gxppp26esKPmFtuACCx8okN-2Fe7yFmnFQhG3CtfUzePjE5whigAjqCjufsjT9CKSAdFBciIebgoo0bGWjDZvW16rOuwoxv-2BBu5-2Fyk4hBlVY7gmJo1EyZRW-2BKIEEJOSbc84JOfmIGNGXIU7wU0qdwnePYj6hpsrfu4PbYF-2Bx7Q7-2BhgBHF-2FV7ashzYBtRUeayWZRtb51oKH5l28DV7eBEVNVAWa3LQg1KFIbh7hZ2lQ2cavUboN1cahw-2BX0xRrZF3DX3v-2B44WV-2BoMPV6qYp-2F30MA85Ab0yGNsua5yABOy0fXBREGhVNd6sGBeNVHLIZtDI4jlszHOv-2BQ-2B7tNblsLrmtFrtz88PA4jJIXh1xV04ert4qAN-2FvpbizDIIBhr0UQ15ZFQC-2F6XmxJPzCej8mRLN4W1vNBOsv9GhtG6YQ (HTTP 302)
- https://emaholdings.com/delivery-dispatch-confirmation/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6
- https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png (HTTP 302)
- https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | emaholdings.com/delivery-dispatch-confirmation/ (Redirect Chain) | 4 KB | 4 KB | Document | text/html |
GET | H2 | all.css | use.fontawesome.com/releases/v5.8.1/css/ | 54 KB | 13 KB | Stylesheet | text/css |
GET | H/1.1 | index.b705563f.js | emaholdings.com/delivery-dispatch-confirmation/assets/ | 1 MB | 1 MB | Script | application/javascript |
GET | H/1.1 | index.ff2f4dc2.css | emaholdings.com/delivery-dispatch-confirmation/assets/ | 219 KB | 220 KB | Stylesheet | text/css |
GET | H/1.1 | Processing.28c1f0e7.js | emaholdings.com/delivery-dispatch-confirmation/assets/ | 17 KB | 18 KB | Script | application/javascript |
GET | H/1.1 | rpc.9238ff78.js | emaholdings.com/delivery-dispatch-confirmation/assets/ | 20 KB | 21 KB | Script | application/javascript |
GET | H/1.1 | logo.aa0b1eff.svg | emaholdings.com/delivery-dispatch-confirmation/assets/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H2 | 1625790534535.png | mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/ (Redirect Chain) | 4 KB | 4 KB | Image | image/png |
OPTIONS | H2 | authorize | phishercentral-iwk5k.ondigitalocean.app/api/ | 0 | 0 | Preflight | |
POST | H2 | authorize | phishercentral-iwk5k.ondigitalocean.app/api/ | 17 B | 138 B | XHR | application/json |
GET | H2 | geolocate | phishercentral-iwk5k.ondigitalocean.app/api/ | 91 B | 216 B | XHR | application/json |
GET | H/1.1 | Home.ff60c209.js | emaholdings.com/delivery-dispatch-confirmation/assets/ | 148 KB | 149 KB | Script | application/javascript |
GET | H/1.1 | Home.5fd6cff1.css | emaholdings.com/delivery-dispatch-confirmation/assets/ | 114 KB | 114 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 134 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 215 B | 0 | Image | image/svg+xml |
GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.8.1/webfonts/ | 73 KB | 73 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Variable |
---|---|
object | oncontentvisibilityautostatechange |
object | FontAwesomeConfig |
object | ___FONT_AWESOME___ |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=300; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.