BenchmarksStack Ranking
H33-VaultH33-ShareH33-ShieldH33-HealthH33-KeyH33-GatewayH33-128H33-CKKSH33-256H33-FHE-IQFHE OverviewZK LookupsBiometricsH33-3-KeyH33-MPCPQC ArchitecturePQ VideoH33-AI ComplianceH33-FraudShieldH33-MedVaultH33-VaultKeyH33-QuantumVaultH33-ZK-ProvenH33-ZK-PhishH33-DeviceProofH33-BotShieldBlind Mode Demo
APIsPricingDocsWhite PaperTokenBlogAboutSecurity Demo
Log InTalk to UsGet API Key
Verify It Yourself
ANTI-PHISHING

Every Link Checked. Every Email Verified. Every Page Proven.

H33-ZK-Phish uses zero-knowledge proofs to verify the authenticity of every link, email, and page you interact with — before you click. Not after.

6
Proof streams
<50µs
Per verification
0
Data exposed
0
User friction
Start Free Watch Demo Read the Docs
THE PROBLEM

Spam filters catch 95%. The other 5% is the problem.

The phishing emails that get through are the ones engineered to get through. They use valid certificates, real domains with one character changed, and pixel-perfect page clones.

Today

Spam filters catch 95% of phishing emails. The other 5% — the targeted, well-crafted ones — get through. They use valid certificates, real domains with one character changed, and pixel-perfect page clones. Your employees click. Your data is gone.

With ZK-Phish

Every link is verified before it opens. Every email is authenticated beyond DKIM/SPF. Every login page is compared against its real structure. The 5% that gets through spam filters gets caught by math.

VERIFICATION ARCHITECTURE

6 Zero-Knowledge Proof Streams

Every check runs all 6 streams simultaneously. SHA3-256 commitments verify every claim. Zero-knowledge — nothing about the user or their data is revealed.

STREAM 1
Domain DNA
Detects lookalike domains, homoglyphs (rn→m, 0→O), suspicious TLDs, and freshly registered domains. Levenshtein distance + Cyrillic homoglyph map + WHOIS age analysis.
STREAM 2
Certificate Binding
Verifies the TLS certificate was issued to the CLAIMED entity, not just any entity. Checks issuer against 20 known CAs, validates SAN matching, detects self-signed certs.
STREAM 3
Page Structure
Hashes the DOM skeleton of login pages and compares against known-good commitments. Detects cloned pages even when they look pixel-perfect. Catches hidden iframes, external form actions, and suspicious JavaScript.
STREAM 4
Link Destination
Compares displayed URL text against actual href destination. Follows redirect chains up to 5 hops. Detects URL shorteners, javascript: URLs, data: URLs, and @ sign attacks.
STREAM 5
Email Origin
Verifies DKIM signature alignment with From domain. Checks SPF and DMARC results. Analyzes Received header chain for suspicious relays. Validates From/Return-Path alignment.
STREAM 6
QR Payload
Decodes QR codes and verifies the payload matches the claimed destination. Detects evil twin WiFi configurations, malicious vCard URLs, and phishing links embedded in QR codes.
HOW IT WORKS

Three steps. Microseconds.

ZK-Phish intercepts, proves, and delivers a verdict — all before the page loads.

Step 01 — Intercept
Capture Every Interaction
ZK-Phish sits between your users and the content. Every link click, every email open, every page load passes through verification. No browser extension required — works at the DNS, proxy, or API layer.
Step 02 — Prove
6 Simultaneous Proof Streams
6 proof streams run simultaneously in microseconds. SHA3-256 commitments verify every claim. Zero-knowledge — nothing about the user or their data is revealed. The math does the work, not heuristics.
Step 03 — Verdict
Score 0–100
Legitimate (80+), Suspicious (50–80), Phish (below 50). One critical failure — like a homoglyph domain with a 2-day-old WHOIS record — collapses the score to zero. No ambiguity.
COVERAGE

10 Phishing Techniques It Catches

From simple typosquats to sophisticated multi-redirect chains. Every technique that bypasses spam filters — caught by proof.

01
Homoglyph Domains
chas3.com
02
Lookalike Subdomains
chase.secure.login.evil.com
03
Valid Cert on Fake Domain
Let's Encrypt + phish.io
04
Cloned Login Pages
pixel-perfect DOM clone
05
Link Text/Href Mismatch
<a href="evil">bank.com</a>
06
URL Shortener Hiding
bit.ly/3xR... → phish
07
DKIM Domain Mismatch
From: bank.com via evil.com
08
Spoofed Return Path
Return-Path ≠ From
09
Evil Twin QR Codes
WiFi / vCard phish
10
JavaScript/Data URI Attacks
javascript:void(...)
PERFORMANCE

Microsecond Verification

Every stream completes before the browser finishes the TLS handshake. Cache hits from DashMap resolve in 80 nanoseconds.

12µs
Domain DNA
8µs
Cert Binding
15µs
Page Structure
5µs
Link Dest.
10µs
Email Origin
<50µs
Total / Check
0.08µs
Cache Hit
PRICING

Simple, Usage-Based Pricing

Start free. Scale as your team grows. Every tier includes SHA3-256 zero-knowledge commitments.

Tier Volume Price Includes
Free 1,000 checks/mo $0 URL + link verification
Pro 50,000 checks/mo $49/mo All 6 proof streams + email
Business 500,000 checks/mo $299/mo + page structure + QR + priority
Enterprise Unlimited Custom + on-prem + custom commitments + SLA
Per-check pricing at scale: $0.001 per verification

Pair With ZK-Proven

H33-ZK-Proven protects the connection. H33-ZK-Phish protects the content. Together, they verify both the pipe AND what flows through it. Man-in-the-middle attacks are stopped at the channel level. Phishing attacks are stopped at the content level. Nothing gets through.

Bundle both products for volume pricing
Learn about ZK-Proven →
INTEGRATION

One API Call. Instant Verdict.

Verify any URL, email, or page with a single request. Results in microseconds.

verify-url.js
const result = await h33.phish.verifyUrl({
  url: 'https://chas3-secure.com/login',
  claimed_entity: 'chase.com'
});

// result.verdict = "PHISH"
// result.score = 0.08
// result.reasons = [
// "homoglyph_detected",
// "cert_entity_mismatch",
// "domain_age_2d"
// ]

Stop Phishing Before the Click.

1,000 free checks. No credit card.

Start Free Talk to Us
Free tier includes URL + link verification. Upgrade for all 6 proof streams.