URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

100 scans / day · free · typical scan 2–4 s
CACHED · Showing previous scan from 16 d ago.
SAFE · LOW CONFIDENCE

No phishing signals detected

brand Unknown · scan id df060956 · duration 11.63s · signals 0 failing / 12
Risk score 0.15
15 / 100 · Low risk
Tags
URL hxxps://cmd-autenticacao[.]com/
Host cmd-autenticacao[.]com
Screenshot https://cdn.zerophish.ai/931e0f3e-acc7-4820-b56a-4726c5ef471e.jpg
Scan ID df060956-d342-4da6-b210-798ba706dbf2
[critical] Brand typo-squat detected: No similar legitimate brand within edit-distance 2
[high] Domain age: Awaiting analysis
[critical] Threat intel blocklists: Awaiting analysis
[high] Credential collection form: No credential collection form on visible content
[high] Visual similarity to known brand: Brand presentation matches the registered owner
[medium] Favicon impersonation: Favicon matches the registered owner
[low] SSL certificate: Served over HTTPS · valid TLS certificate
[medium] DNS reputation: Awaiting analysis
showing 8 of 12

No brand impersonation signals available.

Host cmd-autenticacao.com
Registered domain cmd-autenticacao.com
Scheme https
Content length 44167 B
HTTP 200 · text/html
Initial scan · heuristic + LLM

The page is not a login or credential-collection form. It is a Cloudflare-branded block page stating: “Suspected Phishing” and “This website has been reported for potential phishing,” with a disabled “Ignore & Proceed” button, plus a “Learn More” link to Cloudflare documentation.

Because the content is a security interstitial rather than a spoofed brand checkout/login, there are no visible signals of harvesting credentials (no password/OTP fields) and no mismatched branding to a specific third-party. The main suspicious factor is the hosting on a non-matching/unknown domain (cmd-autenticacao.com), but the provided HTML indicates Cloudflare is intercepting.

Overall, treat it as a likely blocked/safety page and label as not phishing based on the evidence shown; however, confidence remains low since the snippet does not show what may exist behind the block or what the legitimate target should be.