The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| URL | hxxps://www[.]google[.]com/aclk?sa=L&ai=DChsSEwiGi7uDiZuQAxWImIMHHbwsMY8YACICCAEQARoCZWY&co=1&gclid=EAIaIQobChMIhou7g4mbkAMViJiDBx28LDGPEAAYASAAEgJinvD_BwE&sig=AOD64_1GhQ5IRz-rDhqRfCeqBc1ZZ_xL0w&rct=j&q&adurl&ved=2ahUKEwiRn7WDiZuQAxVzg_0HHVXxKssQ0Qx6BAgzEAQ | |
| Brand | GeoWorld | |
| Screenshot | https://cdn.zerophish.ai/c2e72a09-ec77-491d-88a6-078b48a5d1f4.jpg | |
| Scan ID | 10cd14f7-a150-418e-bdcf-c980369a8a0e |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The analyzed page appears to be a phishing site. The first suspicious aspect is the URL, which despite being prefixed with https://www.google.com, is quite long and employs numerous parameters, which is a common technique to obscure the true destination of the link. Furthermore, the HTML content provides several alarming indications. The site mimics a legitimate geolocation service called ‘GeoWorld’, but its actual headquarters and legality are questionable. Notably, the page prompts users to input others’ phone numbers and consent to location tracking, which is a major privacy violation and atypical of legitimate services. They also offer a mysterious subscription service with no clear benefits, and the site’s footer claims a copyright year of 2025, which is a clear falsity. Lastly, the site provides an OCR-extracted text, but it is likely machine-generated with some grammar and punctuations off.