zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 7896793a
Scan another →
CACHED Showing previous scan from 16 d ago. Click Reanalyze to run a fresh scan.
SAFE · HIGH CONFIDENCE

No phishing signals detected

brand Toimistotukku Talka scan id 7896793a duration 6.58s signals 2 failing / 12
Risk score 0.08
8 / 100 · Low risk
Tags
URL anatomy www.talka.com
https :// www . talka . com /
flagged registered domain path protocol / query
Indicators of compromise 6 · click any row to copy
URL hxxps://www[.]talka[.]com/
Host www[.]talka[.]com
Registered domain talka[.]com
Brand Toimistotukku Talka
Screenshot https://cdn.zerophish.ai/e695e367-7b24-4de9-b0cf-bfc89742c192.jpg
Scan ID 7896793a-894e-4f02-8bd4-6c70c03b3515
Detection signals 2 fail · 0 warn · 5 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
×
Credential collection form
Credential collection form detected on the page
high
×
Visual similarity to known brand
98% structural similarity to Toimistotukku Talka
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
T
Toimistotukku Talka
98%
Technical profile resolved at scan time
Host www.talka.com
Registered domain talka.com
Scheme https
Content length 607578 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

Verdict: legitimate (not phishing)

The page at https://www.talka.com/ presents itself as “Toimistotukku Talka” (Finnish office-supplies/equipment retailer). The HTML title and header content align with this brand, and navigation links remain within the same organization’s site structure.

Brand/identity signals

  • Title shows the business identity: “Toimistotukku Talka | … Teollisuustie 30, Porvoo, Finland”.
  • OCR/visible text repeats the company name and domain context, e.g. “TOIMISTOTUKKU TALKA” and email addresses on the same domain: “@talka.com”.
  • Contact section includes normal business details (phone number, address) and a standard inquiry form.

Phishing / social-engineering checks

  • No credential harvesting login: there is a contact form with fields like “Etunimi / Sukunimi / Yritys / Sähköpostiosoite / Puhelinnumero / Kirjoita viestisi tähän” and a “Lähetä” button, but the page does not contain a password or account-login form.
  • No fake security urgency: the OCR/HTML excerpts show marketing/navigation and a contact workflow, with no messages like account compromise, “verify now”, or time pressure.
  • No mismatched brand or off-domain takeover: primary links include the same host (www.talka.com) and the page identity matches the URL.

Why confidence is high

  • The content is consistent with a real business website (Wix-style layout, clear company identity, and on-brand contact details).
  • The only form present appears to be a general contact/inquiry form, not a credential collection mechanism.

Conclusion

This looks like a legitimate corporate website for Toimistotukku Talka, not a phishing page.