zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 94336fbb
Scan another →
CACHED Showing previous scan from 461 d ago. Click Reanalyze to run a fresh scan.
PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand usaa scan id 94336fbb duration signals 0 failing / 0
Risk score 0.85
85 / 100 · —
Tags
URL anatomy
https :// .
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://usaa-checklist[.]help/secure-message
Brand usaa
Screenshot https://cdn.zerophish.ai/de7d2144-57eb-4962-b3e3-9dde5045dd17.jpg
Scan ID 94336fbb-444c-430b-b7b9-319da638632e
Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated
Initial scan heuristic + LLM

The URL contains a brand name, ‘usaa’, but the domain does not match the official domain for the company (usaa.com). The subdomain ‘usaa-checklist’ and the domain ‘help/secure-message’ appear to be engineered to entice users to trust the site. The site displays a ‘403 Forbidden’ message, which could be an attempt to fake an error to avoid being flagged as phishing. The HTML shows a plain ‘403 Forbidden’ page with no costumed branding elements, which is another suspicious sign. Overall, the site is highly suspect.