The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| URL | hxxp://Paypal[.]com[.]secure-site[.]com | |
| Brand | Paypal | |
| Screenshot | https://cdn.zerophish.ai/efaaa677-f9d0-4f58-b8dd-c29cfda5c6b0.jpg | |
| Scan ID | eb40d92d-9a8f-4691-9712-63992adcee50 |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The URL ‘http://Paypal.com.secure-site.com’ appears suspicious since it includes ‘Paypal.com’ as a subdomain to ‘secure-site.com’, which is a common phishing technique used to trick users into believing they are visiting a legitimate site. The HTML includes elements that resemble a legitimate GoDaddy domain parking page, but the page appears to be imitating ‘Paypal.com’ which is a mismatch. This discrepancy is a common sign that the site could be a phishing site. The domain is also not registered as a PayPal domain, but it might still trick users into believing it is the legitimate PayPal website. Due to these reasons, a high phishing score of 0.9 is given.