The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
No phishing signals detected
| URL | hxxps://nemonicon[.]com | |
| Host | nemonicon[.]com | |
| Brand | Nemonicon | |
| Screenshot | https://cdn.zerophish.ai/845b4a6e-f280-47ab-9afa-86c59e74d019.jpg | |
| Scan ID | a20febb2-f3ac-4301-ad26-931b964385c5 |
| Host | nemonicon.com |
| Registered domain | nemonicon.com |
| Scheme | https |
| Content length | 107302 B |
| HTTP | 200 · text/html |
| JARM | 7939b39b37937938c29629628c260286f3d82c0d5f5c56c1c29a72a8aa219f |
| Redirect hops | 2 |
The page at https://nemonicon.com presents itself as the corporate website for “Nemonicon GmbH” offering Swiss IT services for “Cloud, Security und KI,” including sections like “Unsere Leistungen,” “Microsoft Partner,” and contact/location information.
Suspicious phishing signals are not prominent: there are no visible urgent security warnings, account-takeover messaging, or login/password harvesting flows. The primary form-related element appears to be a legitimate contact request (“Jetzt Beratung anfragen” / “Nachricht senden” with fields “Name, E-Mail, Unternehmen, Nachricht”), which is a normal lead-capture pattern rather than credential collection.
The URL domain matches the displayed brand name (Nemonicon), and the content branding is internally consistent. Because the provided HTML/OCR does not clearly show any password/credential field, phishing is unlikely; however, confidence is set to low because only a simplified snippet is provided and the form behavior (e.g., action/fields) isn’t fully verifiable from the text alone.