URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

100 scans / day · free · typical scan 2–4 s ·

try

REVIEW · MEDIUM CONFIDENCE

Review required

brand Google scan id 0dff2cd8 duration — signals 0 failing / 0

Risk score 0.00

0 / 100 · —

Was this verdict correct?

Tags

URL anatomy

https :// .

flagged registered domain path protocol / query

Indicators of compromise 3 · click any row to copy

Defang hxxps://example[.]com

URL	hxxp://cashback[.]governofederal[.]ru/inicio[.]php
Brand	Google
Scan ID	0dff2cd8-34fd-4737-8646-6c8a509ce5fb

Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan

no screenshot

screenshot · captured at scan live page render

Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated

Initial scan heuristic + LLM

The HTML given shows elements of the Google home page, including the Google logo, Gmail and Images links, and a search bar. This suggests that the site is attempting to mimic Google’s interface, a common phishing technique. However, the URL does not match Google’s domain (google.com), and instead links to a ‘.ru’ site. This mismatch between the visual branding and the URL suggests that the site might be a phishing attempt.

The full anatomy of a phishing site, one URL at a time.

Review required

The full anatomy of a phishing site,
one URL at a time.