zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan b467ec00
Scan another →
CACHED Showing previous scan from 14 d ago. Click Reanalyze to run a fresh scan.
SUSPICIOUS · LOW CONFIDENCE

Suspicious — review required

brand Unknown scan id b467ec00 duration 14.32s signals 0 failing / 12
Risk score 0.12
12 / 100 · Medium risk
Tags
URL anatomy klelnanzeigen-deutch.7e5fn8.cfd
https :// klelnanzeigen-deutch . 7e5fn8 . cfd /receive/order/3Z9qL3jun8- ? r=0x15&__cf_chl_rt_tk=.O5r4j.5hnX0VhX.iwjje.kiLjBG8TzvQaPfjb8cFEY-1779992130-1.0.1.1-ZEUyerhRQMeb6GLWNZW95dZg1ZMTNXMPiJ.Mn3lJwuo
flagged registered domain path protocol / query
Indicators of compromise 5 · click any row to copy
URL hxxps://klelnanzeigen-deutch[.]7e5fn8[.]cfd/receive/order/3Z9qL3jun8-?r=0x15&__cf_chl_rt_tk=[.]O5r4j[.]5hnX0VhX[.]iwjje[.]kiLjBG8TzvQaPfjb8cFEY-1779992130-1[.]0[.]1[.]1-ZEUyerhRQMeb6GLWNZW95dZg1ZMTNXMPiJ[.]Mn3lJwuo
Host klelnanzeigen-deutch[.]7e5fn8[.]cfd
Registered domain 7e5fn8[.]cfd
Screenshot https://cdn.zerophish.ai/44385920-2e89-436f-9f65-34eca47b9c8e.jpg
Scan ID b467ec00-acb1-492c-b1c5-47c35cda2282
Detection signals 0 fail · 0 warn · 7 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time
Host klelnanzeigen-deutch.7e5fn8.cfd
Registered domain 7e5fn8.cfd
Scheme https
Content length 71239 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

The page does not present a login or credential-collection form. Instead, it shows an anti-bot interstitial: “Just a moment…” and “Performing security verification,” stating Cloudflare protection while it “verifies you are not a bot.”

The domain in the URL/heading is highly suspicious-looking (e.g., klelnanzeigen-deutch.7e5fn8.cfd), but the HTML content itself does not mimic PayPal or another brand, nor does it contain urgent payment/credential prompts. Given the lack of direct phishing UI (no forms, no fake warnings requesting passwords), the evidence for active credential theft is weak.

Conclusion is conservative: this appears more like a blocked/verification page (possibly from a malicious or spoofed domain) rather than a credential-harvesting phishing page itself.