URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

100 scans / day · free · typical scan 2–4 s ·

try

PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand Serasa scan id f415106e duration — signals 0 failing / 0

Risk score 0.85

85 / 100 · —

Was this verdict correct?

Tags

URL anatomy

https :// .

flagged registered domain path protocol / query

Indicators of compromise 3 · click any row to copy

Defang hxxps://example[.]com

URL	hxxps://feirao2024[.]online/
Brand	Serasa
Scan ID	f415106e-21bb-44a7-bf54-7a98265d08c3

Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan

no screenshot

screenshot · captured at scan live page render

Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated

Initial scan heuristic + LLM

The webpage seems to be an imitation of a Serasa login page while being hosted on a domain not associated to the Serasa brand. The web page also prompts the users to input their CPF (a Brazilian social security number), which is a common phishing strategy. Furthermore, the URL seems unrelated to Serasa, increasing suspicion.

The full anatomy of a phishing site, one URL at a time.

Phishing detected

The full anatomy of a phishing site,
one URL at a time.