The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
No phishing signals detected
| URL | hxxps://www[.]20min[.]ch/ | |
| Host | www[.]20min[.]ch | |
| Registered domain | 20min[.]ch | |
| Brand | 20 Minuten | |
| Screenshot | https://cdn.zerophish.ai/33ed1556-350b-4a79-a7b9-1a2d11a3884b.jpg | |
| Scan ID | 956ff8be-de74-45ab-a9ff-471d16720673 |
| Host | www.20min.ch |
| Registered domain | 20min.ch |
| Scheme | https |
| Content length | 1115768 B |
| HTTP | 200 · text/html |
| JARM | 7937937937937938c28c28c28c2602366908fabef72f2cf3a79c7f9d962e4a |
| Redirect hops | 1 |
The page presents itself as a German/Swiss news portal (“20 Minuten: Aktuelle Nachrichten, Schlagzeilen - News von Jetzt”) with navigation links like “News,” “Video,” “Wetter,” and sections such as “WM 2026.”
Suspicious phishing techniques are not evident in the provided HTML/OCR: there is no login or password/credential input, no urgent account-verification or security-warning copy, and no request to submit personal or payment information. The content shown is typical of a legitimate publisher site (news ticker headlines, video listings, and site services such as “E-Paper,” “RSS Feed,” and “Impressum & Team”).
The URL uses the site’s own domain, https://www.20min.ch/, matching the brand name indicated by the logo path in the HTML (“/logos/20min-logo-light-mode.svg”). There are no signals of a mismatched domain, deceptive redirects, or favicon/visual impersonation.
Overall, the evidence strongly supports that this is a legitimate media website rather than a phishing page.