Visual Capture

Screenshot of www.maison-orbey.de

Detection Information

https://www.maison-orbey.de/wp-content/plugins/xleet/b/g/index2.php
Detected Brand
DHL
Country
International
Confidence
95%
HTTP Status
N/A
Report ID
9ec8ea7f-0de…
Analyzed
2026-01-26 04:37

Code Analysis

Risk Score 80/100
Threat Level HIGH
⚠️ Phishing Confirmed

🔬 Threat Analysis Report

• Threat: Phishing kit for credential theft
• Target: DHL users internationally
• Method: Fake form that steals passwords
• Exfil: Unknown, probably sent to the attacker's server
• Indicators: Unrelated domain, imitates the DHL brand, login form present
• Risk: HIGH - Immediate credential theft

📊 Risk Score Breakdown

Total Risk Score
80/100

Contributing Factors

Brand Impersonation
Impersonates DHL, a global logistics brand, to deceive victims into entering credentials.
Credential Harvesting
Contains a password form field, indicating an attempt to harvest user credentials.
Compromised Domain
Uses a legitimate but compromised domain (maison-orbey.de) to host phishing content, which makes the page appear more trustworthy.

🔬 Comprehensive Threat Analysis

Threat Type
Unknown Threat
Target
DHL users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Unknown
Risk Assessment
LOW - Automated credential harvesting with Unknown

🏢 Brand Impersonation Analysis

Impersonated Brand
DHL
Official Website
https://www.dhl.com
Fake Service
DHL account login portal

⚔️ Attack Methodology

Primary Method: Account Takeover

The phishing page impersonates DHL and presents a login form to harvest victim credentials. Once submitted, the credentials are likely exfiltrated to an attacker-controlled server for unauthorized access to DHL accounts.

Secondary Method: Credential Theft

The harvested credentials can be used for further attacks, such as accessing linked services, stealing personal data, or conducting fraudulent transactions.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
www.maison-orbey.de
Registered
Unknown
Registrar
Unknown
Status
Age unknown

📊 Attack Flow Diagram

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING EMAIL                         │
│    - Email mimics DHL branding                           │
│    - Contains link to fake login page                    │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE DISPLAYED                             │
│    - Victim enters Banking credentials                   │
│    - Form appears legitimate (DHL branding)              │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Input data collected by attacker                    │
│    - Victim redirected to error page                     │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION                                     │
│    - Stolen credentials sent via HTTP POST               │
│    - Standard form submission to attacker server         │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. ACCOUNT TAKEOVER                                      │
│    - Attacker uses credentials to access victim's bank   │
│    - Unauthorized transactions initiated                 │
└──────────────────────────────────────────────────────────┘
