EN ES PT
Back to Stats

Visual Capture

Screenshot of site-dofdieajj.godaddysites.com

Detection Info

https://site-dofdieajj.godaddysites.com/
Detected Brand
Zimbra
Country
International
Confidence
100%
HTTP Status
200
Report ID
562a9764-b97…
Analyzed
2026-01-31 22:49

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T138E2B49B214816E5C2F38FD8D8102A90B146EA9FC9714370C2BC4D3A5BD25A5B78DF7E
CONTENT ssdeep
384:KCJgoaOtuVF0cRXgjRUhx2Mu8wzzbO0vsFiYK/M74UZh3gl4oyA14yDwSs1:0acmjbhscY7UUjJojDwx

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
d2ad5a52a55a8d27
VISUAL aHash
e7ffffe7e7fcfcfc
VISUAL dHash
0e0e160c0c000800
VISUAL wHash
00c3e7c3c3e4e4fc
VISUAL colorHash
070000001c0
VISUAL cropResistant
0e0e160c0c000800,8988d09094d4c882

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential Phishing
• Target: Zimbra users
• Method: Impersonation through a fake login page hosted on free hosting.
• Exfil: Form submission.
• Indicators: Free hosting, Zimbra logo, login form.
• Risk: High

🔒 Obfuscation Detected

  • fromCharCode
  • base64_strings

📡 API Calls Detected

  • GET
  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The domain is hosted on godaddysites.com, a free hosting provider, commonly used for phishing.
Brand Impersonation
The page attempts to mimic the Zimbra login page.
Forms requesting sensitive info
The presence of a login form requesting email and password is a major red flag.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Zimbra users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 9 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Zimbra
Official Website
null
Fake Service
Zimbra webmail

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker uses a fake login page to trick users into entering their Zimbra account credentials.

Secondary Method: Obfuscation

Use of Javascript obfuscation to hide and/or alter the exfiltration code.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
site-dofdieajj.godaddysites.com
Registered
None
Registrar
None
Status
None

🤖 AI-Extracted Threat Intelligence

Scan History for site-dofdieajj.godaddysites.com

Found 1 other scan for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.