Phishing Analysis: DP World

Captura Visual

Informações de Detecção

https://signin.broker/JxcO4CqSIq8qMA

Detected Brand

DP World

Country

International

Confidence

100%

HTTP Status

200

Report ID

5ce16ec9-dbe…

Analyzed

2026-02-13 11:58

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1BDD1F17150509D3B4283C7D4B3B96B4F3394C34AEA87565A67F4C39C1EE3E56CC1A226
CONTENT ssdeep	96:nIpkCGTHRPypyz97krwkMCFs39TbJG9KjsWsjOq0U2gs0sjOjOVJQ6Q6ynQjNsjp:9LVk8AS9TbJG9aEDOVJQyyQjs

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9c497326cc99d9e4
VISUAL aHash	18001818191f0f9f
VISUAL dHash	7161713331727d38
VISUAL wHash	191818181f1f1fff
VISUAL colorHash	07000000180
VISUAL cropResistant	7161713331727d38

Análise de Código

Risk Score 70/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing de credenciais
• Alvo: Funcionários ou usuários da DP World
• Método: Imitação da página de login da DP World.
• Exfil: Credenciais (e-mail e senha)
• Indicadores: Domínio incompatível, formulário de login.
• Risco: ALTO

🎯 Kit Endpoints

https://passwordreset.microsoftonline.com/?ru=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-235124959787&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-2214-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=899971296027.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-452161560138&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-2918-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=594197104122.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#
https://login.microsoftonline.com/common/login#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-104867788808&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-7034-21bc5137cc6d&protectedtoken=true&domain_hint=dpworld.com&nonce=455431941823.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=anVyZ2VuLnZhbnJhbnNiZWVja0BkcHdvcmxkLmJl#

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain signin.broker is not associated with DP World.

Impersonation

The page tries to impersonate a sign-in page to collect login data.

Login Form

The form is designed to steal the credentials of the user.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Two-Factor Authentication Stealer

Alvo

DP World users (International)

Método de Ataque

Brand impersonation

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Personal Info

🏢 Análise de Falsificação de Marca

Impersonated Brand

DP World

Official Website

dpworld.com

Fake Service

Sign-in Service

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials by creating a fake login page that mimics a legitimate one. The user is tricked into entering their email and password, which the attacker then captures.