EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of login-ledgger-load-io-frame.vercel.app

Detection Info

https://login-ledgger-load-io-frame.vercel.app/
Detected Brand
Ledger
Country
International
Confidence
100%
HTTP Status
200
Report ID
9c2db2d3-df1…
Analyzed
2026-03-18 08:55

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T15732C270A4C6373F829602D5DBA06F5AB3D34242D52A060A96F1924FDEC7FC0DC4EA6D
CONTENT ssdeep
96:T3Ch6qh17Wiuv/GW/ww/GXfYGCCmG1IUndQGkt6/uaT6yd6yY+SdAubfeK2FVeta:TCPuNi0FR+SdAubWK2wtrr83Fx9

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
91956c6d99d1ea92
VISUAL aHash
fb026e7e0e000001
VISUAL dHash
661e98d858005031
VISUAL wHash
ff0efefe2e000019
VISUAL colorHash
30401008080
VISUAL cropResistant
0000000000000204,64d4848082828180,661e98d858005031

Code Analysis

Risk Score 85/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Ledger users
• Method: Impersonation via fake website
• Exfil: Unknown (likely credentials)
• Indicators: Free hosting, brand logo
• Risk: High

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • document.write
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • GET
  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting + Brand Logo
The combination of free hosting and the Ledger logo is a very strong indicator of phishing.
Domain Mismatch
The domain is not the official domain.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Ledger users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 16 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Ledger
Official Website
https://www.ledger.com/
Fake Service
Ledger hardware wallet services

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker likely aims to create a fake login page that mirrors the official Ledger website. Users are tricked into entering their credentials, which are then harvested by the attacker.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
login-ledgger-load-io-frame.vercel.app
Registered
None
Registrar
None
Status
None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Ledger
https://battery-support-ledger-livelogin-e7.vercel.app/
May 08, 2026
 Screenshot
Ledger
http://www.ledger-login-nanox-helpdesk-cdn-us.vercel.app/
May 08, 2026
 Screenshot
Ledger
https://www.help-liveledger-login-wallet-extens-zeta.vercel....
May 08, 2026
 Screenshot
Ledger
https://battery-support-ledger-livelogin-e7-mu.vercel.app/
May 08, 2026
 Screenshot
Ledger
http://login-ledgger-load-io-queue.vercel.app
May 08, 2026

Scan History for login-ledgger-load-io-frame.vercel.app

Found 7 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.