The full anatomy of a phishing site, one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| Field | Value |
| --- | --- |
| URL | hxxps://registro-digital-ahop-2026[.]cr-web[.]workers[.]dev/firma-digital?id=banco-nacional |
| Brand | banco-nacional |
| Screenshot | https://cdn.zerophish.ai/1c935dd2-ff64-4282-bcdf-3b2bc676a9c7.jpg |
| Scan ID | bd0d82da-f491-4d30-8177-9f39aa6db25e |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The URL provided (hxxps://registro-digital-ahop-2026[.]cr-web[.]workers[.]dev/firma-digital?id=banco-nacional) is suspicious: the domain does not appear to belong to the brand, banco-nacional. The HTML content of the site contains a sign-in form, a common phishing technique used to trick users into providing their sensitive information, since they may falsely believe they are logging in to their bank account. Page elements such as ‘Iniciar sesión en su entidad financiera’ (Log in to your financial entity), ‘Usuario’ (User), and ‘Contraseña’ (Password) also suggest a phishing attempt. It is therefore safe to assume that this is likely a phishing site.