zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 1ef6d75b
Scan another →
CACHED Showing previous scan from 13 d ago. Click Reanalyze to run a fresh scan.
SAFE · HIGH CONFIDENCE

No phishing signals detected

brand GitLab scan id 1ef6d75b duration 7.86s signals 2 failing / 12
Risk score 0.02
2 / 100 · Low risk
Tags
URL anatomy docs.gitlab.com
https :// docs . gitlab . com /charts/installation/
flagged registered domain path protocol / query
Indicators of compromise 6 · click any row to copy
URL hxxps://docs[.]gitlab[.]com/charts/installation/
Host docs[.]gitlab[.]com
Registered domain gitlab[.]com
Brand GitLab
Screenshot https://cdn.zerophish.ai/80928897-a674-4da2-a877-93ed4f27fd69.jpg
Scan ID 1ef6d75b-c04a-42db-bae4-7030d673677e
Detection signals 2 fail · 0 warn · 5 pass
×
Brand typo-squat detected
gitlab ↔ github · Levenshtein 2 · brand: GitHub
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
×
Visual similarity to known brand
100% structural similarity to GitLab
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
G
GitLab
100%
Technical profile resolved at scan time
Host docs.gitlab.com
Registered domain gitlab.com
Scheme https
Content length 65447 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

The page is a GitLab documentation site (“Installing GitLab by using Helm”) providing technical instructions for deploying GitLab on Kubernetes using Helm. The URL is on a legitimate GitLab documentation domain (docs.gitlab.com) and the HTML/OCR text show standard GitLab Docs navigation and content rather than any account-recovery or login flow.

Suspicious phishing indicators are not present: there is no credential-collection form (no password/email fields, no login UI), no fake security/urgent warnings, and no mismatched branding or lookalike-payment branding. While the page includes external links and a “Try GitLab for free” CTA, these are typical marketing/navigation elements and not embedded credential harvesting.

Overall, the strong brand consistency (GitLab Docs theme, navigation labels, and the technical Helm/Kubernetes content) combined with the first-party-looking URL structure indicates this is legitimate.