First a webscan with weaknesses and misconfigurations of the found phishing link with a final F-grade:
https://www.htbridge.com/websec/?id=bfAMqMOeSSL scan report of the phishing link in question: -https://analyse.schillerehms.de etc.
1.
https://ssltools.digicert.com/checker/views/checkInstallation.jsp&
2.
https://www.htbridge.com/ssl/?id=k0QM3CosConclusion: TLSv1.0 Non-compliant with PCI DSS requirements, Non-compliant with HIPAA guidance,
NO SUPPORT OF TLSv1.3
The server does not support TLSv1.3 which is the only version of TLS that currently has no known flaws or exploitable weaknesses.Misconfiguration or weakness
SERVER DOES NOT PROVIDE HSTS
The server does not enforce HTTP Strict Transport Security. We advise to enable it to enforce the user to browse the website in HTTPS.Misconfiguration or weakness
pol