Phishing Analysis: DP World

Captura Visual

Información de Detección

https://signin.broker/JxcO4CqSIq8qMA

Detected Brand

DP World

Country

International

Confidence

100%

HTTP Status

200

Report ID

5ce16ec9-dbe…

Analyzed

2026-02-13 11:58

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1BDD1F17150509D3B4283C7D4B3B96B4F3394C34AEA87565A67F4C39C1EE3E56CC1A226
CONTENT ssdeep	96:nIpkCGTHRPypyz97krwkMCFs39TbJG9KjsWsjOq0U2gs0sjOjOVJQ6Q6ynQjNsjp:9LVk8AS9TbJG9aEDOVJQyyQjs

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9c497326cc99d9e4
VISUAL aHash	18001818191f0f9f
VISUAL dHash	7161713331727d38
VISUAL wHash	191818181f1f1fff
VISUAL colorHash	07000000180
VISUAL cropResistant	7161713331727d38

Análisis de Código

Risk Score 70/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing de credenciales
• Objetivo: Empleados o usuarios de DP World
• Método: Imitación de la página de inicio de sesión de DP World.
• Exfil: Credenciales (correo electrónico y contraseña)
• Indicadores: Dominio no coincide, formulario de inicio de sesión.
• Riesgo: ALTO

🎯 Kit Endpoints

https://passwordreset.microsoftonline.com/?ru=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-235124959787&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-2214-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=899971296027.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-452161560138&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-2918-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=594197104122.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#
https://login.microsoftonline.com/common/login#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-104867788808&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-7034-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=455431941823.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain signin.broker is not associated with DP World.

Impersonation

The page tries to impersonate a sign-in page to collect login data.

Login Form

The form is designed to steal the credentials of the user.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Two-Factor Authentication Stealer

Objetivo

DP World users (International)

Método de Ataque

Brand impersonation

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Personal Info

🏢 Análisis de Suplantación de Marca

Impersonated Brand

DP World

Official Website

dpworld.com

Fake Service

Sign-in Service

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials by creating a fake login page that mimics a legitimate one. The user is tricked into entering their email and password, which the attacker then captures.