zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 03e30432
Scan another →
CACHED Showing previous scan from 14 d ago. Click Reanalyze to run a fresh scan.
SAFE · HIGH CONFIDENCE

No phishing signals detected

brand Civitai scan id 03e30432 duration 25.69s signals 1 failing / 12
Risk score 0.02
2 / 100 · Low risk
Tags
URL anatomy civitai.com
https :// civitai . com
flagged registered domain path protocol / query
Indicators of compromise 5 · click any row to copy
URL hxxps://civitai[.]com
Host civitai[.]com
Brand Civitai
Screenshot https://cdn.zerophish.ai/88283a09-02bf-44e6-a433-d0279a76a3de.jpg
Scan ID 03e30432-d829-4345-82d6-52ee82edfe84
Detection signals 1 fail · 0 warn · 6 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
×
Visual similarity to known brand
100% structural similarity to Civitai
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
C
Civitai
100%
Technical profile resolved at scan time
Host civitai.com
Registered domain civitai.com
Scheme https
Content length 848305 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

The page presents itself as the legitimate Civitai site (“Civitai | Discover and Create AI Art”) with normal navigation (Home, Models, Images, Videos, Posts, etc.) and standard account access (“Sign In” linking to “/login?returnUrl=/”).

I do not see phishing-specific social-engineering patterns in the provided HTML/OCR: there are no fake security alerts, urgent payment/lockout warnings, or impersonation of another brand. The content appears to be a public community/gallery landing page with creators and featured items.

The URL is directly “https://civitai.com”, matching the brand name shown on the page, and there is no credential-harvesting form present in the supplied snippet.

Overall, the structure and branding are consistent with a real, first-party site, so phishing is unlikely.