
Visual Capture

Screenshot of dhl-presentation.com

Detection Information

https://dhl-presentation.com/setup/
Detected Brand
DHL
Country
International
Confidence
100%
HTTP Status
200
Report ID
17e31285-9ed…
Analyzed
2026-01-26 00:11

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19B22953023441E3E5A2BC698F6A4B31E619BE388D62F915CE2AF027557C7D82DC375D8
CONTENT ssdeep
192:HSB6lsI1nqPDSMsP2F+7eezgXRwXCCY/1Y2hCYOSsNu:HSUls5L+gXRwXCCYtYXYr

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9b4d34326d98c667
VISUAL aHash
000c3c3c203c1c00
VISUAL dHash
0448405042793902
VISUAL wHash
103c3c3c3c3c3c30
VISUAL colorHash
38006000018
VISUAL cropResistant
0448405042793902

Code Analysis

Risk Score 76/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: DHL phishing aimed at account access.
• Target: DHL users.
• Method: Fake request for a license and access path.
• Exfil: Likely credentials and potentially other data to an unknown endpoint.
• Indicators: Unofficial website URL, recently registered domain, obfuscation detected, and JavaScript form submission detected.
• Risk: HIGH - Credential theft.

🔒 Obfuscation Detected

  • fromCharCode
  • unicode_escape

🎯 Kit Endpoints

  • /login

📡 API Calls Detected

  • https://t.me/zephyrscamasupportbot

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, and Personal Info harvesting kits targeting DHL users.
High Obfuscation
17 obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Brand Impersonation
Domain and content impersonate DHL, a high-value logistics brand, increasing trust exploitation.
Suspicious Form Fields
Form fields labeled 'Votre licence' and 'Chemin d'accès' suggest credential harvesting for unauthorized access.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
DHL users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
HIGH - Automated credential harvesting; exfiltration channel unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 17 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
DHL
Official Website
https://www.dhl.com
Fake Service
Account verification or license validation

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit captures user credentials through fake form fields ('Votre licence', 'Chemin d'accès'). Data is likely exfiltrated via HTTP POST requests to a command-and-control server.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs), enabling attackers to bypass multi-factor authentication on compromised accounts.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
dhl-presentation.com
Registered
2026-01-23 14:26:06+00:00
Registrar
Hosting Concepts B.V. d/b/a Registrar.eu
Status
Recently registered (2 days old)

🦠 Malicious Files

Main File
File Size

Obfuscated JavaScript files containing credential harvesting and OTP interception logic.

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
836,1 KB

🔗 API Endpoints Detected

Other
30

🔐 Obfuscation Detected

  • : Moderate
  • : Light
  • : Moderate
  • : Light
  • : None
  • : Light
  • : Light
  • : Light
  • : None
  • : Light
  • : Light
  • : Light
  • : Moderate
  • : Light
  • : None

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
