Is alexgalho.com.br a scam?

Our automated security review flags alexgalho.com.br as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Is alexgalho.com.br safe to use?

No — alexgalho.com.br scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.

Does alexgalho.com.br have a valid SSL certificate?

Yes. alexgalho.com.br presents a valid TLSv1.3 certificate issued by Let's Encrypt · R12, expiring in 39 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

How old is the alexgalho.com.br domain?

alexgalho.com.br is 1.8 years old, registered on 8/21/2024 through GODADDY. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.

Has alexgalho.com.br been flagged by antivirus engines?

6 out of 92 antivirus engines in our malware network flagged alexgalho.com.br as malicious or suspicious (2 outright malicious). Even one detection is a meaningful signal.

Is alexgalho.com.br on any phishing or malware blacklists?

No. alexgalho.com.br is not currently listed on the major browser blocklist feeds that modern browsers use.

Where is alexgalho.com.br hosted?

alexgalho.com.br resolves to an IP operated by Unified Layer in BR (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

How often is the alexgalho.com.br report updated?

This is a permanent record of the scan run on June 17, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around alexgalho.com.br have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Security Review

Is alexgalho.com.br legit or a scam?

Our verdict:Dangerous· 1/100

SafeSuspiciousDangerous

Fake DocuSign phishing portal using typo-domain clone to harvest login credentials and personal data.

Top reasons

Direct clone of DocuSign login portal with intentional typos ('D0CUSIGN', 'Authencity') to evade detection.Fake browser-security verification flow designed to trick users into entering credentials.No legitimate business registration, contact information, or operational purpose tied to the domain.

alexgalho.com.brScanned 16h ago

Post Facebook

Trust score

DANGEROUS

Heuristics 0·MT 8

Category tags

phishingcredential-harvesting#Phishing#Clone Site#Data Harvester95% MT confidence

Technical red flags (1)

6 of 92 engines flagged

Warning signals (1)

Scam-network signals (35/100)

Positive signals (4)

Not on major blacklists Domain is 1.8 years old Encrypted connection Clean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence

6/92

Engines flagged this URL

Domain Age

1.8 years old

Registered Aug 21, 2024

MT Intelligence

Dangerous

Critical likelihood · 95% confidence

DANGEROUS

Brand impersonation — not the real site

2 of 92 antivirus engines flag this page. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Website Preview

LIVE RENDER

alexgalho.com.br

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Critical scam likelihoodengineMT · Guardiantrust8/100

MT AgentLive web researchVisual inspectionNetwork correlation

Confidence

The page is a direct clone of DocuSign's login interface, displaying 'D0CUSIGN REDIRECT' as the title and prompting users to sign in with their email for fake 'document verification' and 'browser security' checks. The typo in the title ('D0' instead of 'DO') and misspelling ('Authencity' instead of 'Authenticity') are deliberate obfuscation tactics common in phishing attacks. Our antivirus network flagged it as phishing (AlphaSOC) and malicious (Webroot), and multiple engines marked it as spam. The domain is 665 days old but shows no legitimate business registration, contact information, or operational purpose — it exists solely to redirect victims to a credential-harvesting form. DocuSign phishing is one of the most prevalent attack vectors globally, and this page follows the exact pattern: lookalike domain, fake portal, fake security messaging, and no legitimate business presence.

Full dossier

Analysis complete

Page Content

The page displays a fake DocuSign Secure Portal login screen with the title 'D0CUSIGN REDIRECT'. It prompts users to 'Sign in as your email' and shows a fake verification flow with messages like 'Your Document is being Verified', 'Checking Browser Security', 'Encrypting Document', and 'Validating Document Signatures'. These are social-engineering tactics designed to make users believe their credentials are needed for a legitimate security process.

Infrastructure

Hosted on IP 162.241.3.19 with valid SSL (Let's Encrypt, 39 days to expiry). The IP has zero abuse reports and a clean reputation score, which is typical for compromised or rented hosting. No external domains are loaded except i.postimg.cc (image hosting). The domain uses standard HTTPS, giving it a veneer of legitimacy.

Domain History

Registered 665 days ago via GoDaddy under the Brazilian .br TLD. The domain name 'alexgalho' matches a real Brazilian technology executive (Alex Galho, CIO/CTO at Vivest), but the .com.br variant has no legitimate business registration, owner details, or public company information. This is a classic domain-squatting / impersonation tactic to exploit name recognition.

Web Reputation

Our antivirus network detected phishing (AlphaSOC) and malicious classification (Webroot). Multiple engines flagged it as spam (alphaMountain.ai, CyRadar, Fortinet, SOCRadar). Browser blocklists remain clean, likely because the domain is not yet widely distributed. A sandbox analysis reference (any.run, PC_010806_2026-04-14) confirms the domain appears in malware-analysis contexts. No scam reports, complaints, or positive reviews were found in public databases, which is expected for a newly-active phishing domain.

Risk Factors

Direct clone of DocuSign login portal with intentional typos ('D0CUSIGN', 'Authencity') to evade detection.
Fake browser-security verification flow designed to trick users into entering credentials.
No legitimate business registration, contact information, or operational purpose tied to the domain.
Flagged as phishing by AlphaSOC and malicious by Webroot; additional spam detections from CyRadar, Fortinet, and SOCRadar.
Domain name impersonates a real Brazilian technology executive (Alex Galho) to exploit name recognition and trust.
DocuSign phishing is one of the most prevalent credential-harvesting attack vectors globally.

Positive Signals

Valid SSL certificate (Let's Encrypt) with 39 days remaining — standard for phishing sites to appear legitimate.
Hosting IP has zero abuse reports, suggesting the attacker is using a legitimate or freshly-rented hosting provider.

AI Recommendation

Do not enter any credentials, email, or personal information on this page. If you received a link to this site in an email or message claiming to be from DocuSign, report it to DocuSign's security team immediately. Always access DocuSign directly by typing docusign.com into your browser, never by clicking links in emails or messages.

Next-gen fraud intelligence

Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for alexgalho.com.br, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age

1.8 yrs

Registered Aug 2024

Business registration

No public record found

Could not match the site to a registered company — common for small sites.

Clone check

Clones docusign.com

The page impersonates a well-known brand's site.

Typosquat check

No look-alike match

The domain doesn't resemble any well-known brand's spelling.

Web mentions

1 scam report

Key findings

7 headline facts from open-web research

Domain alexgalho.com.br is 665 days old and registered under Brazilian .br TLD.
The live page title is "D0CUSIGN REDIRECT" and displays a fake DocuSign Secure Portal asking users to sign in with email for document verification and browser security check.
No mentions of the domain in scam databases, complaint sites (Reclame Aqui), Reddit, or news articles were located.
The domain name matches a real Brazilian technology executive (Alex Galho, CIO/CTO at Vivest, cybersecurity author/speaker) who has a legitimate site at alexgalho.com and LinkedIn presence.
No business registration, company owner, or contact details publicly tied to alexgalho.com.br.
DocuSign phishing is extremely common; attackers frequently use lookalike domains and fake portals to steal credentials.
A sandbox report on any.run references the domain in a malware analysis context (PC_010806_2026-04-14), but no further details available.

Scam reports (1)

Direct quotes from public scam databases, forums, and news.

Page content (scanned)open
"D0CUSIGN REDIRECT - DocuSign Secure Portal. Sign in as your email. Your Document is being Verified and to ensure Authencity and Browser safety,. Checking Browser Security."

Impersonation / typosquat

Clone of docusign.com

Page title and content directly impersonate DocuSign login/verification portal with typos ('D0CUSIGN', 'Authencity') and browser security check, common in phishing redirects.

Research summary

Narrative write-up from our AI analyst, grounded on the facts above

Our research confirmed this domain is a DocuSign phishing clone. The page directly impersonates DocuSign's secure login portal with typos and fake browser-security verification messaging — a textbook credential-harvesting attack. The domain name 'alexgalho' matches a real Brazilian technology executive (Alex Galho, CIO/CTO at Vivest, cybersecurity author and speaker), but the .com.br variant has no legitimate business registration, company owner details, or public records. DocuSign phishing is extremely common; attackers frequently use lookalike domains and fake portals to steal credentials. A sandbox analysis reference (any.run) confirms the domain appears in malware-analysis contexts. No scam reports, complaints, or positive reviews were found in public databases, which is typical for newly-active phishing infrastructure.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score

0/100

ClearLowModerateHighCritical

Evidence (1)

Evidence confirms this site is a clone of docusign.com.

Linked signals (1)

Clone of docusign.com

Antivirus Engines

Detection matrix · live

6 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

2Malicious4Suspicious54Harmless92Engines

of 92

AlphaSOC

Malicious· phishing

Webroot

Malicious· malicious

alphaMountain.ai

Suspicious· spam

CyRadar

Suspicious· spam

Fortinet

Suspicious· spam

SOCRadar

Suspicious· suspicious

6 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check

Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found

No clear contact details on the page

Emails on site's domainNone

Phone numbersNone

Postal addressNot listed

Linked social profiles0

Signal Summary

Several contact red flags

No contact email found anywhere on the page.
No phone number listed on the page.
No postal address visible on the page.

Domain & Encryption

Domain History

Age1.8 years old

RegistrarGODADDY

RegisteredAug 21, 2024

ExpiresAug 21, 2026

Owner privacyVisible

Encryption Certificate

StatusValid

ProtocolTLSv1.3

IssuerLet's Encrypt · R12

ExpiresJul 27, 2026 (39d)

Self-signedNo

Hosting & Technology

HostingUnified Layer

Server locationBR

Web serverApache

Server Reputation

Abuse Intelligence

Confidence score0%

Reports on file0

ISPUnified Layer

Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

1 scam-type patterns detected

Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation

Brand Impersonation

Moderate likelihood

30/100

AI analyst tagged this as a brand / clone-site impersonation.
Clustered with known brand-impersonation infrastructure.

Scam-Type Likelihood

1 of 13 categories showed signals

Top match: Brand Impersonation

Brand Impersonation

Moderate likelihood

30/100

AI analyst tagged this as a brand / clone-site impersonation.
Clustered with known brand-impersonation infrastructure.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

Do not interact with alexgalho.com.br
Do not enter credentials, deposit money, download files, or install browser extensions from this site.
Go to the brand's real site directly
Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.
Never download or sign in here
Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.
Report the impersonation to the brand
Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

Not listedCheck ↗

VirusTotal

ListedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

i.postimg.cc

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

Our automated security review flags alexgalho.com.br as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
No — alexgalho.com.br scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
Yes. alexgalho.com.br presents a valid TLSv1.3 certificate issued by Let's Encrypt · R12, expiring in 39 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
alexgalho.com.br is 1.8 years old, registered on 8/21/2024 through GODADDY. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
6 out of 92 antivirus engines in our malware network flagged alexgalho.com.br as malicious or suspicious (2 outright malicious). Even one detection is a meaningful signal.
No. alexgalho.com.br is not currently listed on the major browser blocklist feeds that modern browsers use.
alexgalho.com.br resolves to an IP operated by Unified Layer in BR (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
This is a permanent record of the scan run on June 17, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around alexgalho.com.br have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Trust / 100

Final Verdict·alexgalho.com.br

DANGEROUS

This is a fake DocuSign login portal designed to steal credentials. The page impersonates DocuSign's secure sign-in with intentional typos ('D0CUSIGN') and a fake browser-security verification flow — a classic phishing redirect pattern.

AV engines

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Dangerous reports

ledger-home.pages.dev

thesofaairdrop.pages.dev

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.