Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://www.maison-orbey.de/wp-content/plugins/xleet/b/g/index2.php
Detected Brand
DHL
Country
International
Confidence
95%
HTTP Status
N/A
Report ID
9ec8ea7f-0deβ¦
Analyzed
2026-01-26 04:37
Code Analysis
Risk Score
80/100
Threat Level
ALTO
β οΈ Phishing Confirmed
π¬ Threat Analysis Report
β’ Threat: Credential harvesting phishing kit
β’ Target: DHL users internationally
β’ Method: Fake login form stealing passwords
β’ Exfil: Unknown, likely sent to attacker's server
β’ Indicators: Unrelated domain, mimics DHL branding, login form present
β’ Risk: HIGH - Immediate credential theft
π Risk Score Breakdown
Total Risk Score
80/100
Contributing Factors
Brand Impersonation
Impersonates DHL, a global logistics brand, to deceive victims into entering credentials.
Credential Harvesting
Contains a password form field, indicating an attempt to harvest user credentials.
Compromised Domain
Uses a legitimate but compromised domain (maison-orbey.de) to host phishing content, increasing trustworthiness.
π¬ Comprehensive Threat Analysis
Threat Type
Unknown Threat
Target
DHL users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Unknown
Risk Assessment
LOW - Automated credential harvesting with Unknown
π’ Brand Impersonation Analysis
Impersonated Brand
DHL
Official Website
https://www.dhl.com
Fake Service
DHL account login portal
βοΈ Attack Methodology
Primary Method: Account Takeover
The phishing page impersonates DHL and presents a login form to harvest victim credentials. Once submitted, the credentials are likely exfiltrated to an attacker-controlled server for unauthorized access to DHL accounts.
Secondary Method: Credential Theft
The harvested credentials can be used for further attacks, such as accessing linked services, stealing personal data, or conducting fraudulent transactions.
π Infrastructure Indicators of Compromise
Domain Information
Domain
www.maison-orbey.de
Registered
Unknown
Registrar
Unknown
Status
Age unknown
π Attack Flow Diagram
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. VICTIM RECEIVES PHISHING EMAIL β
β - Email mimics DHL branding β
β - Contains link to fake login page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 2. FAKE LOGIN PAGE DISPLAYED β
β - Victim enters Banking credentials β
β - Form appears legitimate (DHL branding) β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 3. CREDENTIAL CAPTURE β
β - Input data collected by attacker β
β - Victim redirected to error page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 4. DATA EXFILTRATION β
β - Stolen credentials sent via HTTP POST β
β - Standard form submission to attacker server β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 5. ACCOUNT TAKEOVER β
β - Attacker uses credentials to access victim's bank β
β - Unauthorized transactions initiated β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π€ AI-Extracted Threat Intelligence
π Attack Flow
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. VICTIM RECEIVES PHISHING EMAIL β
β - Email mimics DHL branding β
β - Contains link to fake login page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 2. FAKE LOGIN PAGE DISPLAYED β
β - Victim enters Banking credentials β
β - Form appears legitimate (DHL branding) β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 3. CREDENTIAL CAPTURE β
β - Input data collected by attacker β
β - Victim redirected to error page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 4. DATA EXFILTRATION β
β - Stolen credentials sent via HTTP POST β
β - Standard form submission to attacker server β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 5. ACCOUNT TAKEOVER β
β - Attacker uses credentials to access victim's bank β
β - Unauthorized transactions initiated β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Scan History for www.maison-orbey.de
Found 10 other scans for this domain
-
http://www.maison-orbey.de/g/o/
https://www.maison-orbey.de/wp-content/plugins/xle...
https://www.maison-orbey.de/g/o/[email protected]
https://www.maison-orbey.de/wp-content/plugins/xle...
https://www.maison-orbey.de/g/o/[email protected]
https://www.maison-orbey.de/
http://www.maison-orbey.de/wp-content/plugins/xlee...
https://www.maison-orbey.de/wp-content/plugins/xle...
https://www.maison-orbey.de/g/o/
https://www.maison-orbey.de/wp-content/plugins/xle...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.