Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://track-dhl-delivery.duckdns.org/track/track.php
Detected Brand
DHL
Country
International
Confiança
96%
HTTP Status
N/A
Report ID
e370a9cc-889…
Analyzed
2026-03-05 12:29
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1884158B443A3D92B44B2D2C9B6B91B5B63C0829CCAE3161163EDC39D0FEEC55FC52140 |
|
CONTENT
ssdeep
|
24:hR/CH4mOLohuxBVLxnjz5EB8p0KKohzohun/ipmHp:T24myoa3LNe8p0ytp |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b673591c1c535d1c |
|
VISUAL
aHash
|
00e7e7e7dfffffff |
|
VISUAL
dHash
|
2a0c4e0c36240000 |
|
VISUAL
wHash
|
00c3e7e7001b0f0f |
|
VISUAL
colorHash
|
07000038000 |
|
VISUAL
cropResistant
|
2a0c4e0c36240000 |
Análise de Código
Risk Score
81/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
Telegram Exfiltration
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Clientes DHL
• Método: Impersonação por meio de notificação de entrega falsa
• Exfil: Bot Telegram
• Indicadores: Domínio suspeito, urgência, solicitação de pagamento.
• Risco: Alto
🔒 Obfuscation Detected
- fromCharCode
- js_packer
📡 API Calls Detected
- https://ipwho.is/
🔑 Telegram Bot Tokens (1)
- 8519633985:AAF3...Xkas8_QM
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Suspicious Domain
The domain is not an official DHL domain and uses a free dynamic DNS provider.
Obfuscation
Obfuscation makes it harder to understand what the code is doing.
Form Detected
The page has forms likely designed to collect data.
Telegram Token Found
Indicates data exfiltration to Telegram bot.
Delivery scam
The scam pretends to be a delivery service.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Credential Harvesting Kit
Alvo
DHL users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Telegram Bot (8519633985:AAF3Nyhy5...)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Telegram Bot (8519633985:AAF3Nyhy5...)
⚠️ Indicators of Compromise
- 1 Telegram bot token(s)
- Kit types: Credential Harvester
- 208 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
DHL
Official Website
https://www.dhl.com/global/en/home.html
Fake Service
DHL delivery service
Fraudulent Claims
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attacker aims to steal user credentials (username, password) and/or payment information by impersonating a legitimate DHL delivery notification.
Secondary Method: Malware distribution
The 'Continue' button likely redirects to a form to enter credentials and possibly downloads malware or redirects to a different malicious site.
📡 Infraestrutura de Comando e Controle Telegram
Bot Token (Masked)
8519633985:AAF3...Xkas8_QM
Bot ID
8519633985
Group/Chat ID
Unknown
Operator Language
Unknown
💬 Message Templates (3)
| ID | Português | Inglês | Trigger |
|---|---|---|---|
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domínio
track-dhl-delivery.duckdns.org
Registered
None
Registrar
DuckDNS
Estado
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
DHL
http://maurimedis.com/wp-content/languages/themes/dhl/dhl/3/...
Jun 16, 2026
DHL
https://inuclo.com/wp-content/uploads/2026/ini2/DHLnew/?toke...
Abr 14, 2026
DHL
https://inuclo.com/wp-content/uploads/2026/ini2/DHLnew/track...
Abr 14, 2026
DHL
http://pku.fgr.mybluehost.me/e/DHL/track/track.php
Mar 23, 2026
DHL
https://nlb.bbn.mybluehost.me/Multi/2K25-MultiLang/track/tra...
Mar 08, 2026
Scan History for track-dhl-delivery.duckdns.org
Found 4 other scans for this domain
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.