The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Suspicious — review required
| URL | hxxps://brt[.]zaagnk[.]cc/track-it | |
| Host | brt[.]zaagnk[.]cc | |
| Registered domain | zaagnk[.]cc | |
| Brand | BRT | |
| Screenshot | https://cdn.zerophish.ai/1bb40e9b-fbb8-4884-8f18-6b45b31e73a7.jpg | |
| Scan ID | f9ab8bef-2e60-4c73-8af7-5d4158f9e86b |
| Host | brt.zaagnk.cc |
| Registered domain | zaagnk.cc |
| Scheme | https |
| Content length | 131168 B |
| HTTP | 200 · text/html |
| JARM | 7939b39b37937930320320320320128c19258acd09ccdea8faad630541ff7e |
| Redirect hops | 1 |
The page presents itself as a BRT (BRT Corriere Espresso) shipment tracking screen, showing “Traccia la tua spedizione” and a tracking number (7255637641), along with a failed-delivery notice and a prompt to “Conferma dati di consegna.” The URL is on a suspicious third-party domain (brt.zaagnk.cc/track-it), not on BRT’s real domain (e.g., brt.it), which is a strong indicator of possible abuse.
Social-engineering signals found: a delivery-failure/urgency prompt (“Tentativo di consegna fallito… aggiorna i dati di recapito entro il: 31/05/2026”) and a safety warning (“Avviso di sicurezza: BRT non richiederà mai i tuoi dati bancari… via e-mail o SMS”), which is commonly used on both legitimate and phishing clones. However, the provided HTML/OCR does not show a password or credential collection form, and the content largely resembles a generic carrier notification flow.
Overall, the mismatch between brand presentation (BRT) and hosting domain raises concern, but evidence of credential harvesting is insufficient from the supplied content; treat as potentially phishing with conservative confidence.