EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of site-1enk6s1fm.godaddysites.com

Detection Info

https://site-1enk6s1fm.godaddysites.com/
Detected Brand
BT/EE
Country
UK
Confidence
100%
HTTP Status
200
Report ID
51d225ff-e1dā€¦
Analyzed
2026-02-01 17:29

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1A232134622083965C2F3489994507684B387DF4FC9618B7086BC5E3F1FD2AA2A795F3F
CONTENT ssdeep
192:cQO0YOryHjbI1jetPCZw7yBNQ6VyNU4JQMdBCWvoacsLjwpcBlb5h1oQ46X8Yz+h:2OryZdiy3Bg6BR+FhoQ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
d2a5528dad5aad52
VISUAL aHash
e7e7e7fffffcfcfc
VISUAL dHash
4d4d4d000c000808
VISUAL wHash
e0e0e680f3f0f0f0
VISUAL colorHash
070000004c0
VISUAL cropResistant
4d4d4d000c000808,455105f4b4a44145,c9c8b0b09088aa8e

Code Analysis

Risk Score 76/100
Threat Level ALTO
āš ļø Phishing Confirmed
šŸŽ£ Credential Harvester šŸŽ£ OTP Stealer šŸŽ£ Banking šŸŽ£ Personal Info

šŸ”¬ Threat Analysis Report

ā€¢ Threat: Phishing
ā€¢ Target: BT/EE customers
ā€¢ Method: Impersonation via free hosting.
ā€¢ Exfil: Unknown (likely credentials)
ā€¢ Indicators: Free hosting, brand logos, call to action to view bill
ā€¢ Risk: HIGH

šŸ”’ Obfuscation Detected

  • fromCharCode
  • unicode_escape

šŸŽÆ Kit Endpoints

  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:120,h:120,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:72,h:72,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:60,h:60,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:180,h:180,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:57,h:57,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:144,h:144,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:152,h:152,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=w:114,h:114,m
  • //img1.wsimg.com/isteam/ip/7a17d71d-8d60-4865-9278-d2e9a6eb3bfb/BT%20%26%20EE%20NEW%20LOGO.jpeg/:/rs=h:182,cg:true,m/qt=q:100/ll

šŸ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on godaddysites.com, a free hosting service.
Brand Impersonation
The site uses the BT/EE logo and branding to impersonate the legitimate company.
Suspicious Content
The call to action 'Log in to view your bill' is a phishing trigger

šŸ”¬ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
BT/EE users (UK)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

āš ļø Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 16 obfuscation techniques

šŸ¢ Brand Impersonation Analysis

Impersonated Brand
BT/EE
Official Website
https://www.bt.com or https://www.ee.co.uk
Fake Service
Viewing your bill

Fraudulent Claims

āš”ļø Attack Methodology

Primary Method: Credential Harvesting

The attacker is likely attempting to steal login credentials. A user clicking on the call to action may be redirected to a fake login page.

šŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
site-1enk6s1fm.godaddysites.com
Registered
2013-11-18
Registrar
GoDaddy.com, LLC
Status
active

šŸ¤– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
EE (BT Broadband)
http://site-1enk6s1fm.godaddysites.com
Feb 01, 2026
 Screenshot
BT/EE/O2
https://site-1enk6s1fm.godaddysites.com/
Feb 01, 2026
 Screenshot
EE (BT)
http://www.site-z09d9cvco.godaddysites.com/
Feb 01, 2026

Scan History for site-1enk6s1fm.godaddysites.com

Found 7 other scans for this domain

šŸ˜°
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.