The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| URL | hxxps://upgrade-your-netflix-plan-free@6c6977024594df[.]lhr[.]life | |
| Brand | Netflix | |
| Screenshot | https://cdn.zerophish.ai/aba4f586-7504-486a-b191-f17dea90595d.jpg | |
| Scan ID | aad7a4da-eb07-4153-aa21-ccbde66cfc76 |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The website is identified as a potential phishing site. Firstly, the URL includes a suspicious portion ‘upgrade-your-netflix-plan-free’ before an ‘@’ symbol, which is a common phishing technique to confuse users about the actual domain. The HTML content mimics the Netflix login page, indicating that it tries to trick the user into providing their login details. The OCR-extracted text also shows that it’s designed to look like a legitimate Netflix page, copying typical Netflix features such as sign-in procedures, help links, and information about reCAPTCHA security. But the mentioned call number ‘000-800-040-1843’ does not match Netflix’s official support number, increasing the suspicion.