SECURITY RESEARCH POC — HackerOne Responsible Disclosure — NOT A REAL DPD PAGE
Dynamic Parcel Distribution

Open Redirect via hostname.includes() Bypass

Bypass: dpd.co.uk.flamez.cc passes .includes("dpd.co.uk")
Referrer: detecting...
Origin: checking...
Timestamp:

What an attacker would serve here instead:

  • Fake DPD redelivery fee page (card skimming)
  • Credential harvest page
  • Fake parcel tracking with malicious download

The victim arrived here via a legitimate DPD-signed email from no-reply@email.dpdgroup.co.uk, authenticated on the real DPD portal, and was silently redirected with no browser warning.
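
The hostname.includes() check named in the title, set beside a stricter validator. This is an added example, not code from this page or from DPD; the function names and the sample redirect targets are assumptions constructed for illustration.

```javascript
// Added example; not DPD's code. Names and sample URLs are constructed.
const ALLOWED_BASE = "dpd.co.uk";

// Weak form: passes if the substring appears anywhere in the hostname.
function weakIsAllowed(target) {
  try {
    return new URL(target).hostname.includes(ALLOWED_BASE);
  } catch {
    return false; // not an absolute URL
  }
}

// Stricter form: https only, no userinfo, and the host must be the base
// domain itself or a dot-bounded subdomain of it.
function strictIsAllowed(target) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop FQDN trailing dot
  return host === ALLOWED_BASE || host.endsWith("." + ALLOWED_BASE);
}

// Constructed redirect targets (only the second hostname is from the page).
const SAMPLES = [
  "https://www.dpd.co.uk/track",
  "https://dpd.co.uk.flamez.cc/",
  "https://notdpd.co.uk/",
  "http://www.dpd.co.uk/",
  "/account",
];

// Run both validators over each target and return the verdicts side by side.
function compare(targets) {
  return targets.map((t) => ({
    target: t, weak: weakIsAllowed(t), strict: strictIsAllowed(t),
  }));
}

console.table(compare(SAMPLES));
```

Where the set of legitimate redirect destinations is known in advance, an exact-match list of full hostnames is tighter than any suffix rule.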