zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan f2511232
Scan another →
CACHED Showing previous scan from 427 d ago. Click Reanalyze to run a fresh scan.
PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand Coinbase scan id f2511232 duration signals 0 failing / 0
Risk score 0.90
90 / 100 · —
Tags
URL anatomy
https :// .
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://download[.]c0inbase-vn[.]com
Brand Coinbase
Screenshot https://cdn.zerophish.ai/52c9456f-b801-4893-96f4-d98a05989fb5.jpg
Scan ID f2511232-a42e-45f3-bd35-34bcef01df35
Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated
Initial scan heuristic + LLM

The URL registered at ‘https://download.c0inbase-vn.com’ does not appear to be associated with the ‘Coinbase’ brand, and uses a common phishing technique of replacing letters with number or other characters (‘0’ in place of ‘o’). The HTML and OCR-extracted text do not display any direct signature social engineering techniques, but the mismatch between the brand and the URL suggests this may be a phishing site attempting to impersonate ‘Coinbase’.