zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 00da3de9
Scan another →
CACHED Showing previous scan from 231 d ago. Click Reanalyze to run a fresh scan.
REVIEW · MEDIUM CONFIDENCE

Review required

brand firebase scan id 00da3de9 duration signals 0 failing / 0
Risk score 0.10
10 / 100 · —
Tags
URL anatomy
https :// .
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://amigo-ai-6df06[.]firebaseapp[.]com/__/auth/action?mode=verifyEmail&oobCode=_tPoWvXgMwYkUvjnV3Kv7RTK2g8VfBNfudPnTdhcf0oAAAGaEsmPEw&apiKey=AIzaSyAG1Lkem2Skl8X0R7xEQ7pkwL8M361hcDE&lang=en
Brand firebase
Screenshot https://cdn.zerophish.ai/165bbd0c-2d86-49c5-8e60-31122a37ed2a.jpg
Scan ID 00da3de9-dd93-444b-8ba8-55f0761666d7
Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated
Initial scan heuristic + LLM

The URL and HTML code belong to a service hosted on Firebase, a Google cloud service, which is usually used for legitimate purposes. The HTML code represents a typical page that users see after they have successfully verified their email address. No domain mismatch has been found which is usually a symptom of phishing websites. Hence, it is very unlikely that this is a phishing website.