lieferung-paket-kundin.emporiadr.com
172.105.52.9
Malicious Activity!
Public Scan
Submission: On July 07 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 7th 2022. Valid for: 3 months.
This is the only time lieferung-paket-kundin.emporiadr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
14 | 172.105.52.9 | 63949 (LINODE-AP Linode)
3 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
1 | 2606:4700::6812:1634 | 13335 (CLOUDFLARENET)
1 | 2606:4700::6810:5814 | 13335 (CLOUDFLARENET)
5 | 2606:4700:3034::ac43:9689 | 13335 (CLOUDFLARENET)

Total: 24 requests across 5 IP addresses
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li2059-9.members.linode.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | emporiadr.com | lieferung-paket-kundin.emporiadr.com | 664 KB
6 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 1942), ka-f.fontawesome.com (Cisco Umbrella Rank: 4239) | 183 KB
3 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 231) | 69 KB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 429) | 15 KB

Total: 24 requests across 4 apex domains
Requests | Domain | Requested by
---|---|---
14 | lieferung-paket-kundin.emporiadr.com | lieferung-paket-kundin.emporiadr.com
5 | ka-f.fontawesome.com | kit.fontawesome.com, lieferung-paket-kundin.emporiadr.com
3 | cdnjs.cloudflare.com | lieferung-paket-kundin.emporiadr.com
1 | cdn.jsdelivr.net | lieferung-paket-kundin.emporiadr.com
1 | kit.fontawesome.com | lieferung-paket-kundin.emporiadr.com

Total: 24 requests across 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
lieferung-paket-kundin.emporiadr.com | cPanel, Inc. Certification Authority | 2022-07-07 - 2022-10-05 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year | crt.sh
*.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-01 - 2023-01-01 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://lieferung-paket-kundin.emporiadr.com/delivery/checkout/receive
Frame ID: 9D7476042D3C7D3201834B78DDFF6533
Requests: 24 HTTP requests in this frame
Page Title
delivery details

Detected technologies

Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks)
Detected patterns

Livewire (Web Frameworks)
Detected patterns
- livewire(?:\.min)?\.js

Axios (JavaScript Libraries)
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries)
Detected patterns
- ([\d.]+)/jquery-ui(?:\.min)?\.js
- jquery-ui.*\.js

jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | receive (Primary Request) | lieferung-paket-kundin.emporiadr.com/delivery/checkout/ | 16 KB | 5 KB | Document | text/html
GET | H2 | bootstrap.css | lieferung-paket-kundin.emporiadr.com/css/ | 195 KB | 196 KB | Stylesheet | text/css
GET | H2 | jquery-ui.min.css | cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/ | 31 KB | 7 KB | Stylesheet | text/css
GET | H2 | ba5491b11c.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript
GET | H2 | style.css | lieferung-paket-kundin.emporiadr.com/css/ | 25 KB | 25 KB | Stylesheet | text/css
GET | H2 | media.css | lieferung-paket-kundin.emporiadr.com/css/ | 5 KB | 6 KB | Stylesheet | text/css
GET | H2 | logo.svg | lieferung-paket-kundin.emporiadr.com/img/ | 3 KB | 4 KB | Image | image/svg+xml
GET | H2 | jquery-3.6.0.min.js | lieferung-paket-kundin.emporiadr.com/js/ | 87 KB | 88 KB | Script | application/javascript
GET | H2 | popper.min.js | lieferung-paket-kundin.emporiadr.com/js/ | 21 KB | 21 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | lieferung-paket-kundin.emporiadr.com/js/ | 62 KB | 62 KB | Script | application/javascript
GET | H2 | jquery.validate.min.js | lieferung-paket-kundin.emporiadr.com/js/ | 23 KB | 23 KB | Script | application/javascript
GET | H2 | additional-methods.js | cdn.jsdelivr.net/npm/jquery-validation@1.19.3/dist/ | 51 KB | 15 KB | Script | application/javascript
GET | H2 | axios.min.js | cdnjs.cloudflare.com/ajax/libs/axios/0.24.0/ | 17 KB | 6 KB | Script | application/javascript
GET | H2 | script.js | lieferung-paket-kundin.emporiadr.com/js/ | 142 B | 217 B | Script | application/javascript
GET | H2 | counter.js | lieferung-paket-kundin.emporiadr.com/js/ | 5 KB | 5 KB | Script | application/javascript
GET | H2 | jquery-ui.min.js | cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/ | 248 KB | 56 KB | Script | application/javascript
GET | H2 | livewire.js | lieferung-paket-kundin.emporiadr.com/vendor/livewire/ | 156 KB | 157 KB | Script | application/javascript
GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.1.1/css/ | 99 KB | 21 KB | Fetch | text/css
GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.1.1/css/ | 26 KB | 5 KB | Fetch | text/css
GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.1.1/css/ | 823 B | 739 B | Fetch | text/css
GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.1.1/css/ | 2 KB | 1008 B | Fetch | text/css
GET | H2 | frutiger_regular.ttf | lieferung-paket-kundin.emporiadr.com/fonts/ | 36 KB | 36 KB | Font | font/ttf
GET | H2 | frutiger_bold.ttf | lieferung-paket-kundin.emporiadr.com/fonts/ | 35 KB | 35 KB | Font | font/ttf
GET | H3 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v6.1.1/webfonts/ | 151 KB | 151 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
object | FontAwesomeKitConfig
function | $
function | jQuery
function | Popper
object | bootstrap
function | axios
object | Livewire
object | livewire
string | livewire_app_url
string | livewire_token
function | deferLoadingAlpine

2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
lieferung-paket-kundin.emporiadr.com/ | | Name: XSRF-TOKEN Value: eyJpdiI6ImMxWllMQVRySUptYW8wNmgrU0Q4WWc9PSIsInZhbHVlIjoidG1EUnlKYzVtVm1JMDJlUkRaTWVFenlYZk1KNGZ0bWZEVndJbWlxWG1JWTBUb3Q2MUEvUkIwcXpDTFplMEg1R2Q1R2lxcGJTV0JzamY2bzh6NjBrSVNvTktHdkhNd3hYMjQzdkJYQVdXZ0tCM1JMZlpLSkFXM1hIeXdKMVZoQ20iLCJtYWMiOiJiZDE0YjdiOTU3NGE2OGRjZmJhZGIwNTAxODU2NWVhNTM0YWFiMzMxNTg2OGQxNjRlN2Y1ZGE1ZGRmNTZhNGU0IiwidGFnIjoiIn0%3D
lieferung-paket-kundin.emporiadr.com/ | | Name: laravel_session Value: eyJpdiI6IkpuN0w2ZkRoV1J4VmtjbGNQb2RDR3c9PSIsInZhbHVlIjoiUVdleWN1Q3hYWE1Ka2NVcExudTgxKzdQdVpIMEQwRTJBd2Jybyswb1FYVWtFSDJqMmlyRTFWQy9wSWhsYUs4cnRPTGdmZ3ZIR3hIaVhjVHpnc1hMZU1xVGwzR2VJLzZGaDA5SWZ6YkQ1a2NVRkkzb21EZUhRYkQ2c1RIVXZIdjIiLCJtYWMiOiIwMWU5YmY5OTRiMGMwMjM5Yzc3Zjc5MzE0ZDIzYjllOTU0Y2ZhYThlZGZkNTY4ODdhODBjY2I0NDNkMWMyNTNhIiwidGFnIjoiIn0%3D
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.