The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| URL | hxxps://fm-att[.]50-6-202-102[.]cprapid[.]com/ap?infoPage=99dea78007133396a7b8ed70578ac6ae&gladiator=2i9p4nikt0KGxVVAQX1RSk9Olgo3Lg3w5xmpJ2sTmFE1rFylBa | |
| Brand | AT&T | |
| Screenshot | https://cdn.zerophish.ai/30f1f79f-c5d9-4867-bfed-43a28b9c0d49.jpg | |
| Scan ID | 7c11ed9d-f081-4b16-b609-563d7378b8a8 |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The examined website appears to mimic the legitimate AT&T login page, with similar stylistic elements, branding, and offerings. Upon closer scrutiny, the URL does not match AT&T’s legitimate domain. Additionally, the URL contains suspicious parameters which could be used in phishing attacks to capture user data. The OCR-extracted text matches what one might expect from AT&T’s login page, providing further evidence that this is a well-crafted phishing attempt designed to trick AT&T users into inputting their login credentials on a fraudulent site.