URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL
The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
100 scans / day · free
·
typical scan 2–4 s
·
try
PHISHING · MEDIUM CONFIDENCE
Phishing detected
Risk score
0.90
90 / 100 · —
URL anatomy
https
://
.
flagged
registered domain
path
protocol / query
Indicators of compromise
| URL | hxxps://1153002[.]wcomhost[.]com/ | |
| Brand | web.com | |
| Screenshot | https://cdn.zerophish.ai/3a6dbe78-edfe-47b7-b4d2-70498edb72f7.jpg | |
| Scan ID | 3c2627f0-dc39-4bce-8f9a-e63acfca3332 |
Detection signals
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
Captured page
Brand impersonation
No brand impersonation signals available.
Technical profile
No technical metadata captured for this scan.
Analyst summary
Initial scan
Upon analysis of the webpage, the following points were noteworthy:
- The domain name 1153002.wcomhost.com does not match the identified brand name ‘web.com’ in the HTML content of the webpage, which increases its phishing risk.
- The HTML content of the webpage includes suspicious elements such as an unusual login form requesting the User ID and Password.
- Use of social engineering technique is found in the extracted text which claims that the website is built with ‘web.com AI-powered Website Builder’, presumably as an attempt to convince the user that the webpage is legitimate.
Based on these observations, the site is likely to be a phishing site with a high phishing score of 0.9.