URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

100 scans / day · free · typical scan 2–4 s ·

try

PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand SUMUP scan id 52f34064 duration — signals 0 failing / 0

Risk score 0.90

90 / 100 · —

Was this verdict correct?

Tags

URL anatomy

https :// .

flagged registered domain path protocol / query

Indicators of compromise 3 · click any row to copy

Defang hxxps://example[.]com

URL	hxxps://rehuay[.]com/it/sumup/web/login[.]php
Brand	SUMUP
Scan ID	52f34064-5e87-41d9-90d5-9ab310cfe2e6

Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan

no screenshot

screenshot · captured at scan live page render

Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated

Initial scan heuristic + LLM

The URL https://rehuay.com/it/sumup/web/login.php does not match the brand SUMUP indicated in the HTML. A webpage is imitating SUMUP’s login page which is a common technique used in phishing attacks. The form data is also sent to an unexpected URL send.php this might indicate that it is designed to capture and send login credential data for misuse. Therefore, it is assessed with a high phishing risk of 0.9.

The full anatomy of a phishing site, one URL at a time.

Phishing detected

The full anatomy of a phishing site,
one URL at a time.