EN ES PT
Back to Stats

Captura Visual

Screenshot of site-dofdieajj.godaddysites.com

Informações de Detecção

https://site-dofdieajj.godaddysites.com/
Detected Brand
Zimbra
Country
International
Confiança
100%
HTTP Status
200
Report ID
562a9764-b97…
Analyzed
2026-01-31 22:49

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T138E2B49B214816E5C2F38FD8D8102A90B146EA9FC9714370C2BC4D3A5BD25A5B78DF7E
CONTENT ssdeep
384:KCJgoaOtuVF0cRXgjRUhx2Mu8wzzbO0vsFiYK/M74UZh3gl4oyA14yDwSs1:0acmjbhscY7UUjJojDwx

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
d2ad5a52a55a8d27
VISUAL aHash
e7ffffe7e7fcfcfc
VISUAL dHash
0e0e160c0c000800
VISUAL wHash
00c3e7c3c3e4e4fc
VISUAL colorHash
070000001c0
VISUAL cropResistant
0e0e160c0c000800,8988d09094d4c882

Análise de Código

Risk Score 100/100
Nível de Ameaça ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing de credenciais
• Alvo: Usuários do Zimbra
• Método: Personificação através de uma página de login falsa hospedada em hospedagem gratuita.
• Exfil: Envio de formulário.
• Indicadores: Hospedagem gratuita, logotipo do Zimbra, formulário de login.
• Risco: Alto

🔒 Obfuscation Detected

  • fromCharCode
  • base64_strings

📡 API Calls Detected

  • GET
  • POST

📊 Detalhamento da Pontuação de Risco

Total Risk Score
90/100

Contributing Factors

Free Hosting
The domain is hosted on godaddysites.com, a free hosting provider, commonly used for phishing.
Brand Impersonation
The page attempts to mimic the Zimbra login page.
Forms requesting sensitive info
The presence of a login form requesting email and password is a major red flag.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
Zimbra users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 9 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Zimbra
Official Website
null
Fake Service
Zimbra webmail

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker uses a fake login page to trick users into entering their Zimbra account credentials.

Secondary Method: Obfuscation

Use of Javascript obfuscation to hide and/or alter the exfiltration code.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
site-dofdieajj.godaddysites.com
Registered
None
Registrar
None
Estado
None

🤖 AI-Extracted Threat Intelligence

Scan History for site-dofdieajj.godaddysites.com

Found 1 other scan for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.