SafeMode - Analysis: www.maison-orbey.de

EN ES PT

Back to Stats

Visual Capture

Screenshot of www.maison-orbey.de

Detection Info

https://www.maison-orbey.de/wp-content/plugins/xleet/b/g/[email protected]

Detected Brand

DHL

Country

International

Confidence

95%

HTTP Status

200

Report ID

747c0ec1-9bc…

Analyzed

2026-03-17 05:02

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T10251EBA0B3C4665EE8D0418BE1007FD5A3D0D06A837128044E5BAF5FE8CE0F5E9672EE
CONTENT ssdeep	48:fHfaRBRRZGMB+RvR41RrVCVv7kKG6bvtXV26/+SlREaxr9+p3CmXj1a:SjzBmZIukKGOvxVldHHLaPXj1a

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	da5ba5a5276e4a18
VISUAL aHash	ffff000000ffffff
VISUAL dHash	445939051422340c
VISUAL wHash	ffff00000000ffff
VISUAL colorHash	06000038000
VISUAL cropResistant	445939051422340c

Code Analysis

Risk Score 50/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: DHL customers
• Method: Impersonation of DHL login page
• Exfil: ./log2345678.php (form action)
• Indicators: Mismatched domain, request for credentials, brand logo.
• Risk: High

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

./log2345678.php

📤 Form Action Targets

./log2345678.php

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Domain Unrelated to Brand

The domain is not a DHL domain.

Requests Credentials

The site asks for email and password, a strong phishing indicator.

Form Action

Form action is a php script, not the legit DHL address.

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

DHL users (International)

Attack Method

Brand impersonation + credential harvesting forms

Exfiltration Channel

HTTP POST to backend

Risk Assessment

MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand

DHL

Official Website

https://www.dhl.com

Fake Service

DHL Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker uses a fake login form to steal user credentials. The form submits data to a malicious server (./log2345678.php).

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

www.maison-orbey.de

Registered

Unknown

Registrar

Unknown

Status

Unknown

🤖 AI-Extracted Threat Intelligence

Scan History for www.maison-orbey.de

Found 10 other scans for this domain

http://www.maison-orbey.de/g/o/ DHL Mar 31, 2026 23:32

https://www.maison-orbey.de/g/o/[email protected] DHL Mar 17, 2026 05:02

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Mar 17, 2026 05:02

https://www.maison-orbey.de/g/o/[email protected] DHL Mar 01, 2026 17:01

https://www.maison-orbey.de/ ? Feb 25, 2026 13:16

http://www.maison-orbey.de/wp-content/plugins/xlee... DHL Feb 09, 2026 11:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Jan 26, 2026 04:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Jan 24, 2026 23:46

https://www.maison-orbey.de/g/o/ DHL Jan 07, 2026 06:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Jan 07, 2026 06:29

😰

"I Never Thought It Would Happen to Me"

That's what 2.3 million victims say every year. Don't wait to become a statistic.