EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of www.maison-orbey.de

Información de Detección

https://www.maison-orbey.de/g/o/[email protected]
Detected Brand
DHL
Country
International
Confianza
95%
HTTP Status
200
Report ID
b4248253-211…
Analyzed
2026-03-01 17:01

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T16951DBA0B3C46A5E94D0458BE1007FD5A3D0D0AA837139045E5BAF5FECCD0F5A9672EE
CONTENT ssdeep
48:fHfaRBRRZGMB+Rv441RrVCVv7kKG6bvtXV26/+SlRdaxrbEnCMj1a:SjzBmwIukKGOvxVldHI18j1a

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
da4ba5a5276e4a58
VISUAL aHash
ffff000000ffffff
VISUAL dHash
c4d939851422340c
VISUAL wHash
ffff00000000ffff
VISUAL colorHash
06000038000
VISUAL cropResistant
c4d939851422340c

Análisis de Código

Risk Score 50/100
Nivel de Amenaza ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Clientes de DHL
• Método: Robo de credenciales
• Exfil: ./log1234567.php
• Indicadores: Dominio no coincidente, acción de formulario sospechosa, suplantación.
• Riesgo: Alto

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

  • ./log1234567.php

📤 Form Action Targets

  • ./log1234567.php

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Domain unrelated to brand
The domain 'www.maison-orbey.de' does not correspond to the official DHL website.
Suspicious Form Action
The form action points to a potentially malicious PHP script.
Impersonation
The website attempts to impersonate DHL.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Credential Harvesting Kit
Objetivo
DHL users (International)
Método de Ataque
Brand impersonation + credential harvesting forms
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester

🏢 Análisis de Suplantación de Marca

Impersonated Brand
DHL
Official Website
https://www.dhl.com
Fake Service
DHL Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker sets up a fake login page that closely resembles DHL's legitimate login page to trick users into entering their credentials.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
www.maison-orbey.de
Registered
Unknown
Registrar
Unknown
Estado
Unknown

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
DHL
https://ski.tv-merklingen.de/wp-content/desk/preview/docs/ve...
Abr 23, 2026
 Screenshot
DHL
https://www.maison-orbey.de/g/o/[email protected]
Mar 17, 2026
 Screenshot
DHL
https://akpp-volkswagen.ru/css/GlobalSources/?email=3mail@b....
Mar 17, 2026
 Screenshot
DHL
https://cocorost-556.jp/mail/GlobalSources/?email=3mail@slur...
Feb 09, 2026
 Screenshot
DHL
https://cocorost-556.jp/jo/GlobalSources/[email protected]
Feb 06, 2026

Scan History for www.maison-orbey.de

Found 10 other scans for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.