SafeMode - Analysis: www.maison-orbey.de

EN ES PT

Back to Stats

Captura Visual

Screenshot of www.maison-orbey.de

Información de Detección

https://www.maison-orbey.de/wp-content/plugins/xleet/b/g/[email protected]

Detected Brand

DHL

Country

International

Confidence

95%

HTTP Status

200

Report ID

747c0ec1-9bc…

Analyzed

2026-03-17 05:02

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T10251EBA0B3C4665EE8D0418BE1007FD5A3D0D06A837128044E5BAF5FE8CE0F5E9672EE
CONTENT ssdeep	48:fHfaRBRRZGMB+RvR41RrVCVv7kKG6bvtXV26/+SlREaxr9+p3CmXj1a:SjzBmZIukKGOvxVldHHLaPXj1a

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	da5ba5a5276e4a18
VISUAL aHash	ffff000000ffffff
VISUAL dHash	445939051422340c
VISUAL wHash	ffff00000000ffff
VISUAL colorHash	06000038000
VISUAL cropResistant	445939051422340c

Análisis de Código

Risk Score 50/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Clientes de DHL
• Método: Impersonación de la página de inicio de sesión de DHL
• Exfil: ./log2345678.php (form action)
• Indicadores: Dominio no coincidente, solicitud de credenciales, logotipo de la marca.
• Riesgo: Alto

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

./log2345678.php

📤 Form Action Targets

./log2345678.php

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Unrelated to Brand

The domain is not a DHL domain.

Requests Credentials

The site asks for email and password, a strong phishing indicator.

Form Action

Form action is a php script, not the legit DHL address.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Harvesting Kit

Objetivo

DHL users (International)

Método de Ataque

Brand impersonation + credential harvesting forms

Canal de Exfiltración

HTTP POST to backend

Evaluación de Riesgo

MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester

🏢 Análisis de Suplantación de Marca

Impersonated Brand

DHL

Official Website

https://www.dhl.com

Fake Service

DHL Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker uses a fake login form to steal user credentials. The form submits data to a malicious server (./log2345678.php).

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Domain

www.maison-orbey.de

Registered

Unknown

Registrar

Unknown

Status

Unknown

🤖 AI-Extracted Threat Intelligence

Scan History for www.maison-orbey.de

Found 10 other scans for this domain

http://www.maison-orbey.de/g/o/ DHL Mar 31, 2026 23:32

https://www.maison-orbey.de/g/o/[email protected] DHL Mar 17, 2026 05:02

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Mar 17, 2026 05:02

https://www.maison-orbey.de/g/o/[email protected] DHL Mar 01, 2026 17:01

https://www.maison-orbey.de/ ? Feb 25, 2026 13:16

http://www.maison-orbey.de/wp-content/plugins/xlee... DHL Feb 09, 2026 11:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Ene 26, 2026 04:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Ene 24, 2026 23:46

https://www.maison-orbey.de/g/o/ DHL Ene 07, 2026 06:37

https://www.maison-orbey.de/wp-content/plugins/xle... DHL Ene 07, 2026 06:29

😰

"Nunca pensé que me pasaría a mí"

Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.