Back

Fwd: Stand Ihrer eingereichten Rechnung

From: Joel Müller <joel-mueller@gmx.ch>Mar 30, 2026, 7:56 PM1e9f7ddf...254b95
completedSuspicious95%
Suspicious95% confidence

The email impersonates Helsana and uses a reimbursement lure ('CHF 284.50 bereit zur Auszahlung') to drive the recipient to a non-Helsana domain, kandoor.giize.com. That mismatch strongly indicates phishing/brand impersonation. Browser validation of the linked page was blocked by an access-denied screen, so the final payload could not be fully verified; because of that, the case is best classified as Suspicious rather than definitively Malicious. The Helsana links themselves appear benign and likely serve as legitimacy padding.

PhishingBrand ImpersonationLink-Based
URLs analyzed3
Malicious URLs0
Suspicious URLs1
Documents0
Artifacts0
QR codes0

URL Signals

3 analyzed

Suspiciouskandoor.giize.com

https://kandoor.giize.com/index.php

https://kandoor.giize.com/index.php

Benignwww.helsana.ch

https://www.helsana.ch

https://www.helsana.ch

Benignwww.helsana.ch

https://www.helsana.ch/abmelden

https://www.helsana.ch/abmelden

Documents

0 processed

None.

Authentication

spfUnknown
dkimUnknown
dmarcUnknown

Envelope

From

Joel Müller <joel-mueller@gmx.ch>

Reply-To

n/a

Attachments

0