URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL
The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
100 scans / day · free
·
typical scan 2–4 s
·
try
PHISHING · HIGH CONFIDENCE
Phishing detected
Risk score
0.90
90 / 100 · High risk
URL anatomy
https
://
oiutlookingpageaccu
.
weebly
.
com
/
flagged
registered domain
path
protocol / query
Why this verdict
Credential collection form
Credential collection form detected on the page
↑ risk
Email-auth posture (SPF/DMARC)
DMARC p=none (monitoring only) — domain can still be spoofed in mail
↑ risk
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
↓ risk
Visual similarity to known brand
Brand presentation matches the registered owner
↓ risk
Favicon impersonation
Favicon matches the registered owner
↓ risk
SSL certificate
Served over HTTPS · valid TLS certificate
↓ risk
Brand-in-subdomain attack
No known brand label in subdomain
↓ risk
Homoglyph attack
ASCII only · no mixed-script characters detected
↓ risk
enrichment used:
dns
network
jarm
asn
Indicators of compromise
| URL | hxxps://oiutlookingpageaccu[.]weebly[.]com/ | |
| Host | oiutlookingpageaccu[.]weebly[.]com | |
| Registered domain | weebly[.]com | |
| Screenshot | https://cdn.zerophish.ai/6bc45aeb-859e-4e6c-a7d9-de9eb64c659f.jpg | |
| Scan ID | 18b52d74-ca81-4a14-8dac-318499035c2f |
Detection signals
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
Credential collection form detected on the page
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 20 ·
Captured page
Brand impersonation
No brand impersonation signals available.
Technical profile
| Host | oiutlookingpageaccu.weebly.com |
| Registered domain | weebly.com |
| Scheme | https |
| Content length | 71871 B |
| HTTP | 200 · text/html |
| DMARC policy | p=none |
| SPF policy | soft |
| MX records | present |
Analyst summary
Initial scan
Verdict: Phishing
This page presents a generic “로그인” (login) form that collects email and password (“이메일 ”, “비밀번호 ”, “サインイン”). The URL is a random-looking subdomain on Weebly—oiutlookingpageaccu.weebly.com—which does not match any legitimate brand domain for which a login form would be expected.
Suspicious elements observed
- Credential harvesting form: A form is present with required fields for email and password, which is explicitly credential collection.
- No trustworthy brand identity: The only visible branding is Korean/Japanese navigation text (“우편”, “Search by typing & pressing enter”, “YOUR CART”). There is no recognizable company name (e.g., PayPal) shown in the provided HTML/text.
-
Phishing-style hosting on an unrelated domain: The form posts to
https://oiutlookingpageaccu.weebly.com/ajax/apps/formSubmitAjax.phpon the same unusual domain, rather than to any official authentication endpoint.
Brand & domain relationship
- Identified brand: none.
- Because no specific brand is identified in the page content, there is no legitimate first-party domain to verify against. However, the combination of a credential-collection login form and an unrelated, dynamically hosted Weebly subdomain is a strong phishing signal.
Conclusion
Given the presence of an email/password login form on an unrelated Weebly subdomain with no credible brand context, this strongly indicates credential phishing.