Phishing Analysis
Detailed analysis of captured phishing page
73
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: WeTransfer
- • Threat: Phishing attempt mimicking WeTransfer file download
- • Target: WeTransfer users
- • Method: Fake download button leading to potential malware
- • Exfil: Unknown, but likely malicious file download
- • Indicators: Domain mismatch, unrelated domain content, phishing-like interface
- • Risk: HIGH - Potential malware infection or credential theft
⚠ Risk Factors
- Brand impersonation of WeTransfer on non-official domain
- Contains 1 form(s) with JavaScript submission
- Credential harvesting indicators detected
- Personal info theft indicators detected
Visual Capture
Detection Info
https://lvgseguranca.com.br/wp-content/we/83773922.html
Detected Brand
WeTransfer
Country
International
Confidence
100%
HTTP Status
200
Report ID
3ba14326-507…
Analyzed
2026-01-07 00:57
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T179724C5A9E2C5C1D830926A7E3DE09CC613DD397DB5901C494FAE8C888D7A64DCCAC9D |
|
CONTENT
ssdeep
|
192:SLwJ7tvTKuuvhAZ44vW398QNJdJdrUWi5cPQ1+LKNon/KNwJORY1xVVCsQufEUo9:Sc/TKusK49SQnp7i5cNLKeARYvWc0 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e0e00f0fea8f0fe8 |
|
VISUAL
aHash
|
01c0f8f0e0000000 |
|
VISUAL
dHash
|
6b90929096788000 |
|
VISUAL
wHash
|
f1f0f8fef0600000 |
|
VISUAL
colorHash
|
00000000e00 |
|
VISUAL
cropResistant
|
4d14672716680c8e,6b90929096788000 |
Code Analysis
Risk Score
73/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Phishing attempt mimicking WeTransfer file download
• Target: WeTransfer users
• Method: Fake download button leading to potential malware
• Exfil: Unknown, but likely malicious file download
• Indicators: Domain mismatch, unrelated domain content, phishing-like interface
• Risk: HIGH - Potential malware infection or credential theft
🔒 Obfuscation Detected
- atob
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
No screenshot
WeTransfer
https://lvgseguranca.com.br/wp-includes/z836763/1983/9488787...
Jan 06, 2026
No screenshot
WeTransfer
https://lvgseguranca.com.br/wp-includes/z836763/1983/9488787...
Jan 02, 2026
WeTransfer
http://www.guape.com.br/wp-portal/2938672.html
Jan 02, 2026
WeTransfer
http://www.guape.com.br/wp-portal/2938672.html
Jan 02, 2026
No screenshot
WeTransfer
http://www.guape.com.br/wp-portal/2938672.html
Jan 01, 2026
Scan History for lvgseguranca.com.br
Found 10 other scans for this domain
-
https://lvgseguranca.com.br/wp-includes/5678fsghaj...
https://lvgseguranca.com.br/wp-includes/z836763/19...
https://lvgseguranca.com.br/wp-includes/z836763/19...
http://lvgseguranca.com.br/wp-content/we/83773922....
https://lvgseguranca.com.br/wp-content/we/83773922...
https://lvgseguranca.com.br/wp-includes/z836763/32...
https://lvgseguranca.com.br/wp-includes/z836763/19...
https://lvgseguranca.com.br/wp-includes/z836763/32...
http://lvgseguranca.com.br/wp-content/we/83773922....
https://www.lvgseguranca.com.br/wp-icons/we/276373...