zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan cd90fcad
Scan another →
CACHED Showing previous scan from 12 d ago. Click Reanalyze to run a fresh scan.
SAFE · HIGH CONFIDENCE

No phishing signals detected

brand PayPal scan id cd90fcad duration 21.35s signals 1 failing / 12
Risk score 0.02
2 / 100 · Low risk
Tags
URL anatomy www.paypal.com
https :// www . paypal . com /
flagged registered domain path protocol / query
Indicators of compromise 6 · click any row to copy
URL hxxps://www[.]paypal[.]com/
Host www[.]paypal[.]com
Registered domain paypal[.]com
Brand PayPal
Screenshot https://cdn.zerophish.ai/03ac835d-c8a7-492a-8ee4-8ad3820884fc.jpg
Scan ID cd90fcad-ca80-40ad-8adc-24b99286e4b2
Related detections 1 other scan on this registered domain
378 d ago
 PHISHING Paypal.com.secure-site.com view →
Detection signals 1 fail · 0 warn · 6 pass
Brand typo-squat detected
Registered brand domain
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
×
Visual similarity to known brand
100% structural similarity to PayPal
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
P
PayPal
paypal.com
100%
Technical profile resolved at scan time
Host www.paypal.com
Registered domain paypal.com
Scheme https
Content length 461537 B
HTTP 200 · text/html
JARM 7937937937937936029629626026024238c59ffd2d713659b02625529af55c
Redirect hops 2
Analyst summary AI-generated
Initial scan heuristic + LLM

Page presentation

The page presents itself as the official PayPal US homepage (title: “Pay, Send and Save Money with PayPal | PayPal US”) and includes typical marketing sections like “Pay, send, and save smarter,” “Send,” “Split/Pool,” and “Pay in 4.”

Suspicious-element review (phishing signals)

  • Credential collection form: Not observed in the provided HTML/OCR. The content appears to be promotional/informational; no password fields or login/checkout form elements are shown.
  • Fake security/urgency warnings: No phrases like “account locked,” “suspicious activity,” “immediate action required,” or similar red-flag alerts appear in the provided text.
  • Mismatched branding / deceptive domain signals: The URL is https://www.paypal.com/ and the page branding explicitly matches PayPal throughout. There are no signs of a lookalike domain, URL mismatch, or odd subdomain patterns.
  • Suspicious redirects: No redirect behavior is indicated by the simplified HTML provided.

Brand/URL relationship

The identified brand is PayPal, and the page is served from paypal.com (the real primary domain). This alignment strongly argues against phishing.

Verdict

Given the correct first-party domain, consistent PayPal branding, and absence of any credential-harvesting UI or urgency-based social engineering in the provided material, this page is best classified as legitimate.