We recently found the latest phishing kit targeting DHL. The kit checks visitors against the IP addresses of most known bots and, when it encounters one, redirects it to google.com.
Steals Information
It asks for the victim's full name, address, city, postal code, phone number, OS, IP information, and banking details (card number, CVV, and OTP), then exfiltrates them via a Telegram bot (which can be easily configured).
Multilingual Phishing Kit
Interestingly, this is a multilingual phishing kit, and @Junia_Wolf is the creator of this phishing kit.
Credit card validation
When stealing the credit card number, this phishing kit only checks that the number is 16 digits long.
Phishing URLs
Here is the list of phishing URLs using the phishing kit described above. Some of them are still active.