zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan c7f56c55
Scan another →
CACHED Showing previous scan from 16 d ago. Click Reanalyze to run a fresh scan.
PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand banco-nacional scan id c7f56c55 duration 12.4s signals 0 failing / 12
Risk score 0.90
90 / 100 · High risk
Tags
URL anatomy zerophishex.fly.dev
https :// zerophishex . fly . dev /scans/bd0d82da-f491-4d30-8177-9f39aa6db25e
flagged registered domain path protocol / query
Indicators of compromise 6 · click any row to copy
URL hxxps://zerophishex[.]fly[.]dev/scans/bd0d82da-f491-4d30-8177-9f39aa6db25e
Host zerophishex[.]fly[.]dev
Registered domain fly[.]dev
Brand banco-nacional
Screenshot https://cdn.zerophish.ai/30d4c5a7-6642-45f3-9e0c-7d1622fad371.jpg
Scan ID c7f56c55-f3d8-4ece-994b-632e19be2ee7
Related detections 1 other scan on this registered domain
16 d ago
 PHISHING zerophishex.fly.dev view →
Detection signals 0 fail · 0 warn · 7 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
b
banco-nacional
15%
Technical profile resolved at scan time
Host zerophishex.fly.dev
Registered domain fly.dev
Scheme https
Content length 62428 B
HTTP 200 · text/html
Analyst summary AI-generated
Initial scan heuristic + LLM

The page is presented as “banco-nacional” (shown in the scan verdict as brand banco-nacional), but the provided URL is on an unrelated domain: https://zerophishex.fly.dev/… (and the OCR also references other non–brand domains such as registro-digital-…/workers.dev). The scan result itself flags phishing with “PHISHING · MEDIUM CONFIDENCE” and a “Risk score 0.90”. No evidence of a live credential form is present in the provided simplified HTML (it appears to be a ZeroPhish scan console), so credential harvesting UI is not directly observable here; however, the OCR claims a sign-in form on the scanned content, which is a common phishing pattern. Overall, the mismatch between brand and hosting domain plus the scan verdict leads to a phishing conclusion.