Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://51-83-251-71.cprapid.com/ch/kasse.php?ausecgzvodo5wpzs3omv
Detected Brand
DPD
Country
International
Confidence
100%
HTTP Status
200
Report ID
72e232c1-700…
Analyzed
2026-02-24 04:35
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T132C2227094B5A57F009F72D1A738A705A3C39382CB520BE567FC936D8BCAE84DC23569 |
|
CONTENT
ssdeep
|
384:2x8xw7pvKpJrVUatKroxNaNp8+XxFUHIJO:txbrKr2sRUHF |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eb6b199094b66663 |
|
VISUAL
aHash
|
f9a9e1f7ffffff9f |
|
VISUAL
dHash
|
2b23032f3223032b |
|
VISUAL
wHash
|
8981e1df8383c39f |
|
VISUAL
colorHash
|
07600000003 |
|
VISUAL
cropResistant
|
2b23032f3223032b,696969c9692b3734 |
Análise de Código
Risk Score
95/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Clientes DPD
• Método: Impersonação e roubo de dados baseados em formulários
• Exfil: action.php (provável)
• Indicadores: Domínio suspeito, solicita detalhes do cartão de crédito, javascript ofuscado.
• Risco: Alto
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- base64_strings
🎯 Kit Endpoints
- ./app/wp-content/themes/DPD_Login/css/styles.min5b21.css?ver=6.0.2
📡 API Calls Detected
- https://whos.amung.us/stats/
- GET
- POST
📤 Form Action Targets
- action.php
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Suspicious Domain
The domain is not related to DPD and uses a hosting provider often associated with malicious activities.
Requests Sensitive Information
The site directly requests credit card details, a primary indicator of phishing.
Obfuscated Javascript
The presence of obfuscated Javascript (atob, eval, fromCharCode) suggests an attempt to hide malicious code from detection.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Banking Credential Harvester
Alvo
DPD users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 20 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
DPD
Official Website
dpd.com
Fake Service
Payment processing for DPD services
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attacker aims to steal credit card details by mimicking the DPD website. The victim is tricked into entering their sensitive information in a form that submits the data to a malicious server.
Secondary Method: Social Engineering
The attacker leverages the trust in the DPD brand and the checkout process to deceive the user.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domain
51-83-251-71.cprapid.com
Registered
Unknown
Registrar
Unknown
Status
Unknown
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
DPD
https://9-205-153-237.cprapid.com/parcel/kasse.php?begc1ffqo...
Mar 21, 2026
DPD
https://51-83-251-71.cprapid.com/ch/kasse.php?ausecgzvodo5wp...
Fev 24, 2026
DPD
https://87-106-70-155.cprapid.com/ch/kasse.php?oxhu3iit3l809...
Fev 20, 2026
DPD
https://87-106-70-155.cprapid.com/ch/kasse.php?oxhu3iit3l809...
Fev 19, 2026
DPD
https://74-161-162-114.cprapid.com/pl/kasse.php?token=2a575a...
Fev 12, 2026
Scan History for 51-83-251-71.cprapid.com
Found 3 other scans for this domain
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.