GrizzlyGrizzly

Zero-hour phishing detection

Blocklists tell you what's already known. Grizzly scans the page itself and returns a decisive verdict — the moment a phishing site goes live. Built for developers, security integrators, and email gateways.

Scan a URL

Free with sign-up. Integrate via API once you're ready.

One scan, two ways to see it.

Web UI

API

{
  "url": "https://hostingoo.sviluppo.host/ss/",
  "classification": "phish",
  "target_brand": "Apple",
  "page_intention": "credential_collection",
  "reasons": [
    "DNS nameservers do not match Apple's",
    "TLS certificate has no organization information",
    "Domain is not operated by Apple",
    "TLS certificate was issued very recently"
  ]
}
// trimmed for display

What you can build

Email security gateways
Score links in inbound mail before they reach a user's inbox.
SOC & threat intel
Triage suspicious URLs at scale and enrich alerts with a verdict and reasons.
Link scanners
Check user-submitted links in chat, comments, or UGC before rendering them.
Account protection
Flag phishing in password-reset and verification flows that target your brand.

How it works

Real-time classification
Pages are evaluated the moment they load or the moment you submit a URL — no crawl queue, no waiting for a feed to update.
Brand-aware detection
Grizzly identifies who a page claims to be and what it's trying to collect — even when the brand appears nowhere in the URL, and even for brands no blocklist ever catalogued.
One engine, every surface
The same classification engine powers the API, the web app, and the browser extension.
Available in theChrome Web Store

Also available as a Chrome extension

Grizzly for Chrome catches deceptive login pages and suspicious Gmail links in real time. Free and anonymous.

Start free

The free tier includes 10 scans per day — intended for evaluation and personal use. For higher-volume integrations, get in touch.

Scan a URL

Free with sign-up. Integrate via API once you're ready.