URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

100 scans / day · free · typical scan 2–4 s ·

try

SAFE · LOW CONFIDENCE

No phishing signals detected

brand Unknown scan id 9d450054 duration 7.49s signals 0 failing / 12

Risk score 0.15

15 / 100 · Low risk

Was this verdict correct?

Tags

URL anatomy mobimera.com

https :// mobimera . com /click ? key=7bc438a073a94ad7b5b61c48eb812a04&SUB_ID_SHORT=68a5102528243b3f39c6f5bb9918c454&COST_CPA=2.000000&CAMPAIGN_ID=1419454&PLACEMENT_ID=26582443&PUBLISHER_ID=2000617&ZONE_ID=4941353&REMOTE_LANGUAGE_CODE=en&BROWSER_NAME=Mobile%20Safari&USER_OS=iOS&USER_OS_VER=26.5&DEVICE_BRAND=Apple&DEVICE_MODEL=iPhone&USER_CARRIER=Cloudflare%20Warp&LANDING_ID=6658783&BANNER_ID=3759950&PRELAND_ID=&REMOTE_COUNTRY=Switzerland&REMOTE_IP=104.28.221.246&USERAGENT=Mozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_7%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F26.5%20Mobile%2F15E148%20Safari%2F604.1&USER_CITY=Zurich&COUNTRY_CODE=CH&__bjs=eyJiIjp7ImpzIjoxLCJjIjoxLCJjbiI6MSwibSI6MSwiZG0iOjAsIm1jZiI6MCwiYmEiOjEsIm1wNGEiOjEsIm1wNHQiOjAsIm10Ijo1LCJ0eiI6LTEyMCwidWEiOiJNb3ppbGxhLzUuMCAoaVBob25lOyBDUFUgaVBob25lIE9TIDE4XzcgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzI2LjUgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjEiLCJwIjoiaVBob25lIiwicnRjIjoxLCJzIjoxLCJ2IjowfSwiYSI6eyJjMSI6MCwidyI6MCwiY3ciOjAsImFlIjowLCJ0cyI6MSwic2kiOjB9LCJ3ZyI6eyJ2IjoiQXBwbGUgSW5jLiIsInIiOiJBcHBsZSBHUFUiLCJlIjowfSwicyI6eyJwciI6MywidyI6NDMwLCJoIjo5MzIsIml3Ijo0MzAsImloIjo3NzUsIm93Ijo0MzAsIm9oIjo5MzIsImF3Ijo0MzAsImFoIjo5MzIsImNkIjoyNCwicGQiOjI0fSwibiI6eyJlIjoxfSwiaCI6eyJoYyI6NCwia2wiOiIwIn0sIm0iOnsiYSI6MSwiZyI6MSwibSI6MX0sInQiOnsiZSI6MSwicCI6NSwicGUiOjF9LCJzdCI6eyJsIjoxLCJzIjoxLCJpIjoxfSwibnciOm51bGwsImYiOjAsIm13IjoxfQ==&__originalReferer=https%3A%2F%2Fgmc-infotainment-system-reset.pages.dev%2F

flagged registered domain path protocol / query

Indicators of compromise 4 · click any row to copy

Defang hxxps://example[.]com

URL	hxxps://mobimera[.]com/click?key=7bc438a073a94ad7b5b61c48eb812a04&SUB_ID_SHORT=68a5102528243b3f39c6f5bb9918c454&COST_CPA=2[.]000000&CAMPAIGN_ID=1419454&PLACEMENT_ID=26582443&PUBLISHER_ID=2000617&ZONE_ID=4941353&REMOTE_LANGUAGE_CODE=en&BROWSER_NAME=Mobile%20Safari&USER_OS=iOS&USER_OS_VER=26[.]5&DEVICE_BRAND=Apple&DEVICE_MODEL=iPhone&USER_CARRIER=Cloudflare%20Warp&LANDING_ID=6658783&BANNER_ID=3759950&PRELAND_ID=&REMOTE_COUNTRY=Switzerland&REMOTE_IP=104[.]28[.]221[.]246&USERAGENT=Mozilla%2F5[.]0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_7%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605[.]1[.]15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F26[.]5%20Mobile%2F15E148%20Safari%2F604[.]1&USER_CITY=Zurich&COUNTRY_CODE=CH&__bjs=eyJiIjp7ImpzIjoxLCJjIjoxLCJjbiI6MSwibSI6MSwiZG0iOjAsIm1jZiI6MCwiYmEiOjEsIm1wNGEiOjEsIm1wNHQiOjAsIm10Ijo1LCJ0eiI6LTEyMCwidWEiOiJNb3ppbGxhLzUuMCAoaVBob25lOyBDUFUgaVBob25lIE9TIDE4XzcgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzI2LjUgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjEiLCJwIjoiaVBob25lIiwicnRjIjoxLCJzIjoxLCJ2IjowfSwiYSI6eyJjMSI6MCwidyI6MCwiY3ciOjAsImFlIjowLCJ0cyI6MSwic2kiOjB9LCJ3ZyI6eyJ2IjoiQXBwbGUgSW5jLiIsInIiOiJBcHBsZSBHUFUiLCJlIjowfSwicyI6eyJwciI6MywidyI6NDMwLCJoIjo5MzIsIml3Ijo0MzAsImloIjo3NzUsIm93Ijo0MzAsIm9oIjo5MzIsImF3Ijo0MzAsImFoIjo5MzIsImNkIjoyNCwicGQiOjI0fSwibiI6eyJlIjoxfSwiaCI6eyJoYyI6NCwia2wiOiIwIn0sIm0iOnsiYSI6MSwiZyI6MSwibSI6MX0sInQiOnsiZSI6MSwicCI6NSwicGUiOjF9LCJzdCI6eyJsIjoxLCJzIjoxLCJpIjoxfSwibnciOm51bGwsImYiOjAsIm13IjoxfQ==&__originalReferer=https%3A%2F%2Fgmc-infotainment-system-reset[.]pages[.]dev%2F
Host	mobimera[.]com
Screenshot	https://cdn.zerophish.ai/59ede4c2-e37f-44e4-8c12-f17e0b397446.jpg
Scan ID	9d450054-e8d9-416b-9b87-c3d064acd906

Related detections 1 other scan on this registered domain

15 d ago

SUSPICIOUS

mobimera.com

safe

Detection signals 0 fail · 0 warn · 7 pass

Brand typo-squat detected

No similar legitimate brand within edit-distance 2

critical

Domain age

Awaiting analysis

high

Threat intel blocklists

Awaiting analysis

critical

Credential collection form

No credential collection form on visible content

high

Visual similarity to known brand

Brand presentation matches the registered owner

high

Favicon impersonation

Favicon matches the registered owner

medium

SSL certificate

Served over HTTPS · valid TLS certificate

low

DNS reputation

Awaiting analysis

medium

showing 8 of 12 ·

Captured page from scan

screenshot · captured at scan live page render

Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

Host	mobimera.com
Registered domain	mobimera.com
Scheme	https
Content length	42581 B
HTTP	200 · text/html

Analyst summary AI-generated

Initial scan heuristic + LLM

The page is a generic marketing landing (“Digital Safety Hub”) with an “Learn More” button and no visible credential or payment collection. The URL is a tracking/click redirect on mobimera.com, but the provided HTML does not show any login form, urgent account warnings, or brand impersonation cues. Because there’s no concrete credential-harvesting content in the supplied HTML/OCR and no identifiable target brand, the phishing evidence is weak; overall it leans likely legitimate (or at least not clearly phishing) with low confidence due to limited context.

The full anatomy of a phishing site, one URL at a time.

No phishing signals detected

The full anatomy of a phishing site,
one URL at a time.