zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 3e07bfc8
Scan another →
CACHED Showing previous scan from 517 d ago. Click Reanalyze to run a fresh scan.
PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand phpList scan id 3e07bfc8 duration signals 0 failing / 0
Risk score 0.85
85 / 100 · —
Tags
URL anatomy
https :// .
flagged registered domain path protocol / query
Indicators of compromise 3 · click any row to copy
URL hxxps://newwebserv561651[.]hosted[.]phplist[.]com/
Brand phpList
Scan ID 3e07bfc8-66b9-41f6-9931-af05b776a64c
Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan
no screenshot
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated
Initial scan heuristic + LLM

The website is likely to be a phishing site. Although the HTML content does not exhibit any typical phishing social engineering techniques, the URL is highly suspicious. The legitimate URL for phpList is ‘https://www.phplist.com’, however, the examined site’s URL is ‘https://newwebserv561651.hosted.phplist.com/‘ which is different from the legitimate one. Furthermore, the domain name ‘newwebserv561651.hosted.phplist.com’ does not seem to be a domain associated with the official phpList brand. Also, it is unusual for an official site to use an email from different domain ‘@outlook.fr’ for contacting the system administrator.