[Phishing Kit] Dissecting the Latest DHL Phishing Kit

Recently, we found the latest phishing kit targeting DHL. The kit checks visitors against most known bot IPs and, when it encounters one, redirects it to google.com.

Steals Information

It asks for the victim’s full name, address, city, postal code, phone number, OS, IP information, and banking details (card number, CVV, and OTP), then exfiltrates them via a Telegram bot, which can be easily configured.
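A hosting-side triage sweep for the traits described above (bot redirect to google.com, CVV/OTP collection, Telegram bot exfiltration), as an added example that is not code from the kit or from the original post. It assumes the kit is PHP deployed under a web root; the regexes, function names and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Traits the write-up attributes to the kit, as byte regexes. The patterns are
# assumptions about how PHP code would express them, not strings from the kit.
INDICATORS = {
    "telegram_exfil": re.compile(rb"api\.telegram\.org/bot", re.I),
    "bot_redirect": re.compile(rb"Location:\s*https?://(?:www\.)?google\.com", re.I),
    "card_cvv": re.compile(rb"\bcvv\b", re.I),
    "card_otp": re.compile(rb"\botp\b", re.I),
}


def scan_webroot(root):
    """Map each directory under root to the indicator names seen in its PHP files."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable entry: skip it, keep sweeping
        found = {name for name, rx in INDICATORS.items() if rx.search(data)}
        if found:
            hits.setdefault(str(path.parent), set()).update(found)
    return hits


def suspicious_dirs(root, min_indicators=3):
    """Directories that reference the Telegram Bot API and match other kit traits."""
    return sorted(d for d, found in scan_webroot(root).items()
                  if "telegram_exfil" in found and len(found) >= min_indicators)


def build_constructed_sample(base):
    """Write a constructed web root: one kit-like directory, one benign one."""
    kit, benign = Path(base, "site", "track"), Path(base, "site", "ops")
    kit.mkdir(parents=True)
    benign.mkdir(parents=True)
    (kit / "antibot.php").write_text('<?php header("Location: https://google.com");')
    (kit / "send.php").write_text(
        '<?php $u = "https://api.telegram.org/bot" . $t; $m = $_POST["cvv"] . $_POST["otp"];')
    (benign / "alert.php").write_text('<?php $u = "https://api.telegram.org/bot" . $t;')
    return kit, benign


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(suspicious_dirs(tmp))
```

Indicators are aggregated per directory because the traits are likely to be split across several files; a lone Telegram Bot API reference, as in the benign sample, is not flagged.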


Multilingual Phishing Kit

Interestingly, this is a multilingual phishing kit, and its creator is @Junia_Wolf.

Credit Card Validation

When stealing the credit card number, the kit's only validity check is that the number is 16 digits long.

Phishing URLs

Here is the list of phishing URLs that use the phishing kit described above (some of them are still active).

