zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan cf3da9e4
Scan another →
CACHED Showing previous scan from 5 h ago. Click Reanalyze to run a fresh scan.
PHISHING · HIGH CONFIDENCE

Phishing detected

brand Unknown scan id cf3da9e4 duration 18.04s signals 0 failing / 12
Risk score 0.95
95 / 100 · High risk
Tags
URL anatomy vendageral-rockinrio.com
https :// vendageral-rockinrio . com /
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://vendageral-rockinrio[.]com/
Host vendageral-rockinrio[.]com
Screenshot https://cdn.zerophish.ai/307af6ef-159a-489e-8e29-a27a399e439c.jpg
Scan ID cf3da9e4-0064-4f2b-bd67-c7a812d4655e
Detection signals 0 fail · 0 warn · 7 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time
Host vendageral-rockinrio.com
Registered domain vendageral-rockinrio.com
Scheme https
Content length 44168 B
HTTP 200 · text/html
JARM 0d39b39b30d30d37d20320327d20122de7c02fe862e334985aa656e5df0651
Redirect hops 1
Analyst summary AI-generated
Initial scan heuristic + LLM

Verdict: Phishing

This page is not presenting a legitimate login or checkout for a real brand. Instead, it shows a Cloudflare “Suspected Phishing” interstitial, warning that the requested site has been flagged for potential credential theft.

Suspicious elements found

  • Explicit anti-phishing / block page: The HTML contains Cloudflare’s warning UI:
    • Suspected Phishing
    • This website has been reported for potential phishing.
    • “Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.”
  • Bypass mechanism present: There is a form pointing to “/cdn-cgi/phish-bypass” with an “Ignore & Proceed” button (disabled in the provided HTML). The presence of a phishing-bypass flow is a strong indicator that the site is under active phishing suspicion.
  • No legitimate brand content: The page does not show any recognizable product branding or identity claim (e.g., PayPal, Bank, Amazon) in the HTML/OCR—only the Cloudflare warning and generic explanatory text.

Brand identity & URL check

  • Identified brand: None. The only brand-like element visible is the “Cloudflare” warning/footer.
  • URL relevance: The requested URL is vendageral-rockinrio.com, a non-official domain with a Cloudflare phishing warning overlay. There is no evidence it corresponds to a legitimate, verified “Rock in Rio” property or any major brand’s real registered domain.

Conclusion

Given Cloudflare’s explicit “Suspected Phishing” report, the dedicated phishing-bypass route, and the lack of legitimate brand/transaction UI, the safest classification is phishing. No credential-collection form is shown on this interstitial itself, but the surrounding site behavior is what triggered the block.