zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 10d265d3
Scan another →
CACHED Showing previous scan from 13 d ago. Click Reanalyze to run a fresh scan.
SAFE · HIGH CONFIDENCE

No phishing signals detected

brand Viva Sorte+ scan id 10d265d3 duration 18.03s signals 1 failing / 12
Risk score 0.22
22 / 100 · Low risk
Tags
URL anatomy resgatarvivasorte.com
https :// resgatarvivasorte . com /
flagged registered domain path protocol / query
Indicators of compromise 5 · click any row to copy
URL hxxps://resgatarvivasorte[.]com/
Host resgatarvivasorte[.]com
Brand Viva Sorte+
Screenshot https://cdn.zerophish.ai/f9326a63-28ef-4e6d-87b6-9b1706191610.jpg
Scan ID 10d265d3-0ca8-4724-9a5f-aaabef0b470d
Detection signals 1 fail · 0 warn · 6 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
×
Credential collection form
Credential collection form detected on the page
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
V
Viva Sorte+
35%
Technical profile resolved at scan time
Host resgatarvivasorte.com
Registered domain resgatarvivasorte.com
Scheme https
Content length 54024 B
HTTP 200 · text/html
JARM 0d39b39b30d30d30320320320320127c6ef00d2ce6e8ccd6c7d8fc7b092b31
Redirect hops 1
Analyst summary AI-generated
Initial scan heuristic + LLM

Verdict: likely legitimate (not enough phishing indicators)

The page presents itself as “Viva Sorte+ — Login” and says “Identifique-se usando seu CPF”. It shows a single input/CTA flow labeled CPF“Continuar”, plus footer disclosures about a capitalização product issued by “VIA CAPITALIZAÇÃO S/A.” and mentions Susep and the beneficiary institute.

Suspicious elements checked

  • Credential/PII collection form present: The form explicitly requests CPF (label “CPF” and the “loginForm” container). This is sensitive personal data collection, but there is no password field in the provided HTML.
  • Security/Google warning text: The page includes “Este site é protegido pelo Google reCAPTCHA…”. This is commonly present on legitimate sites and, by itself, is not proof of phishing.
  • Brand/URL relationship: The URL is resgatarvivasorte.com and the branding is Viva Sorte+. The domain appears to be aligned with the brand name (no clear mismatch like PayPal on a random domain). No evidence of an unrelated major brand impersonation is shown.
  • No visible urgency/scare tactics: The HTML/OCR do not contain classic phishing prompts like “account suspended”, “unauthorized login”, “final notice”, or “immediate payment required”.
  • No suspicious redirect patterns shown: The provided HTML is static and does not show links like “verify now” to third-party domains or obfuscated redirect URLs.

Why phishing is marked low

While it does collect CPF, the surrounding content contains substantial, specific regulatory/product disclosures consistent with a legitimate service page, and the branding matches the domain context. With the evidence provided, there are no strong phishing hallmarks (credential harvesting for passwords, fake security lockouts, mismatched brand/URL, or urgent account threats).

Confidence

Evidence suggests legitimacy, but because the page does collect CPF and the HTML is simplified, a definitive determination would require checking the backend form action/requests and domain registration history. Hence, phishing risk is low-to-moderate rather than zero.