Phishing Analysis
Detailed analysis of captured phishing page
73
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: WeTransfer
- • Threat: WeTransfer download link phishing
- • Target: WeTransfer users
- • Method: Presents a download prompt for potentially malicious files.
- • Exfil: Possibly harvests IP addresses, could deliver malware
- • Indicators: Domain name mismatch, potential file download (Purchase Order.xls and Company Profile.pdf)
- • Risk: HIGH - Could deliver malware or steal personal information
⚠ Risk Factors
- Brand impersonation of WeTransfer on non-official domain
- Contains 1 form(s) with JavaScript submission
- Credential harvesting indicators detected
- Personal info theft indicators detected
Visual Capture
Detection Info
http://www.guape.com.br/wp-portal/2938672.html
Detected Brand
WeTransfer
Country
International
Confidence
100%
HTTP Status
200
Report ID
f896bcf9-240…
Analyzed
2026-01-02 03:21
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T179724C5A9E2C5C1D830926A7E3DE09CC613DD397DB5901C494FAE8C888D7A64DCCAC9D |
|
CONTENT
ssdeep
|
192:SLwJ7tvTKuuvhAZ44vW398QNJdJdrUWi5cPQ1+LKNon/KNwJORY1xVVCsQufEUo9:Sc/TKusK49SQnp7i5cNLKeARYvWc0 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e0e00f0fea8f0fe8 |
|
VISUAL
aHash
|
01c0f8f0e0000000 |
|
VISUAL
dHash
|
6b90929096788000 |
|
VISUAL
wHash
|
f1f0f8fef0600000 |
|
VISUAL
colorHash
|
00000000e00 |
|
VISUAL
cropResistant
|
4d14672716680c8e,6b90929096788000 |
Code Analysis
Risk Score
73/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: WeTransfer download link phishing
• Target: WeTransfer users
• Method: Presents a download prompt for potentially malicious files.
• Exfil: Possibly harvests IP addresses, could deliver malware
• Indicators: Domain name mismatch, potential file download (Purchase Order.xls and Company Profile.pdf)
• Risk: HIGH - Could deliver malware or steal personal information
🔒 Obfuscation Detected
- atob
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
WeTransfer
https://lvgseguranca.com.br/wp-content/we/83773922.html
Jan 07, 2026
No screenshot
WeTransfer
https://lvgseguranca.com.br/wp-includes/z836763/1983/9488787...
Jan 06, 2026
No screenshot
WeTransfer
https://lvgseguranca.com.br/wp-includes/z836763/1983/9488787...
Jan 02, 2026
WeTransfer
http://www.guape.com.br/wp-portal/2938672.html
Jan 02, 2026
No screenshot
WeTransfer
http://www.guape.com.br/wp-portal/2938672.html
Jan 01, 2026
Scan History for www.guape.com.br
Found 2 other scans for this domain