zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 9735f3b9
Scan another →
CACHED Showing previous scan from 16 d ago. Click Reanalyze to run a fresh scan.
SAFE · MEDIUM CONFIDENCE

No phishing signals detected

brand Unknown scan id 9735f3b9 duration 13.25s signals 0 failing / 12
Risk score 0.12
12 / 100 · Low risk
Tags
URL anatomy designmd.ai
https :// designmd . ai /cli
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://designmd[.]ai/cli
Host designmd[.]ai
Screenshot https://cdn.zerophish.ai/851ea688-a441-4c6f-b4ae-b60e16af5694.jpg
Scan ID 9735f3b9-b3dc-485c-8c6f-3d035532ca83
Detection signals 0 fail · 0 warn · 7 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time
Host designmd.ai
Registered domain designmd.ai
Scheme https
Content length 70857 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

What the page is presenting

The page at https://designmd.ai/cli displays a bot/security interstitial titled “Just a moment…” and “Performing security verification”. It instructs the user that a security service is checking whether they are a legitimate browser.

Suspicious elements checked

  • No credential/credential-harvesting form found: The HTML and OCR text only show verification messaging (e.g., “This website uses a security service to protect against malicious bots. This page is displayed while the website verifies you are not a bot.”) and do not include login, password, or payment fields.
  • No fake security warnings beyond the generic challenge: The messaging is specifically framed as a bot check, not an account-compromise alert (no “your account will be suspended” or “confirm credentials to avoid locking”).
  • No brand impersonation cues: There is no indication the page is impersonating a third-party brand like PayPal/Microsoft/Apple. The only brand-like reference is the security provider footer.
  • Cloudflare challenge indicators present: Footer text says “Performance and Security by Cloudflare” and links point to cloudflare.com, consistent with a legitimate anti-bot challenge page.

URL vs claimed brand

The page identifies designmd.ai (via the visible heading) and the security provider Cloudflare in the footer. The URL domain (designmd.ai) matches the site identity shown. There is no conflicting domain/brand pairing typical of phishing (e.g., PayPal content on a non-paypal.com domain).

Conclusion

This page appears to be a legitimate Cloudflare security verification interstitial rather than a phishing form. While bot challenges can be abused, the provided content contains no credential collection and shows standard challenge wording and Cloudflare attribution.