Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://hellp-ledgerrliv-app.webflow.io/
Detected Brand
Ledger
Country
International
Confidence
100%
HTTP Status
200
Report ID
2bee915f-786…
Analyzed
2026-03-06 09:18
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DDC19413F35C2167079702FCFB6BA0E8C24B849CA29A9A04A1BC721E53D55CDD37E9D8 |
|
CONTENT
ssdeep
|
96:hQXpPG/R1/7SKc4t0wAdSnQ2+FYr5u7vQMuw4Sghzyb4/MRreZCm:hCpPG51js4t0wAfTFSaJe+bJeIm |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c16bd4906bd1947e |
|
VISUAL
aHash
|
7c000000007e7e7e |
|
VISUAL
dHash
|
d8c0c0c0d0d0dcc4 |
|
VISUAL
wHash
|
7e0000607e7e7e7e |
|
VISUAL
colorHash
|
3a000e00000 |
|
VISUAL
cropResistant
|
a280c1899dccc0a2,c03030d098383080,a2808ba3a3a7a781,d8c0c0c0d0d0dcc4 |
Code Analysis
Risk Score
68/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Banking
🔬 Threat Analysis Report
• Threat: Phishing
• Target: Ledger users
• Method: Impersonation via Webflow.io
• Exfil: Unknown, likely credential harvesting or malware download
• Indicators: Free hosting, Ledger logo, Impersonation
• Risk: HIGH
🔒 Obfuscation Detected
- fromCharCode
📊 Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Free Hosting + Brand Logo
Combination of free hosting (Webflow.io) and a Ledger logo strongly indicates phishing.
Impersonation
The website attempts to mimic the official Ledger site.
Obfuscation
Obfuscation detected in javascript.
🔬 Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Ledger users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Banking
- 2 obfuscation techniques
🏢 Brand Impersonation Analysis
Impersonated Brand
Ledger
Official Website
https://www.ledger.com/
Fake Service
Ledger Live Web
⚔️ Attack Methodology
Primary Method: Credential Harvesting
The attacker likely aims to steal Ledger user credentials. The site may redirect to a login page or display a form mimicking the real Ledger interface. User enters credentials, which are harvested by the attacker.
Secondary Method: Malware distribution
The site could redirect to a malware download or execute malicious Javascript that attempts to install malware.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
hellp-ledgerrliv-app.webflow.io
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for hellp-ledgerrliv-app.webflow.io
Found 2 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.