Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://hellp-ledgerrliv-app.webflow.io/
Detected Brand
Ledger
Country
International
Confidence
100%
HTTP Status
200
Report ID
2bee915f-786…
Analyzed
2026-03-06 09:18
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DDC19413F35C2167079702FCFB6BA0E8C24B849CA29A9A04A1BC721E53D55CDD37E9D8 |
|
CONTENT
ssdeep
|
96:hQXpPG/R1/7SKc4t0wAdSnQ2+FYr5u7vQMuw4Sghzyb4/MRreZCm:hCpPG51js4t0wAfTFSaJe+bJeIm |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c16bd4906bd1947e |
|
VISUAL
aHash
|
7c000000007e7e7e |
|
VISUAL
dHash
|
d8c0c0c0d0d0dcc4 |
|
VISUAL
wHash
|
7e0000607e7e7e7e |
|
VISUAL
colorHash
|
3a000e00000 |
|
VISUAL
cropResistant
|
a280c1899dccc0a2,c03030d098383080,a2808ba3a3a7a781,d8c0c0c0d0d0dcc4 |
Análisis de Código
Risk Score
68/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Banking
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Ledger
• Método: Suplantación de identidad a través de Webflow.io
• Exfil: Desconocido, probablemente robo de credenciales o descarga de malware
• Indicadores: Alojamiento gratuito, logo de Ledger, Suplantación de identidad
• Riesgo: ALTO
🔒 Obfuscation Detected
- fromCharCode
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Free Hosting + Brand Logo
Combination of free hosting (Webflow.io) and a Ledger logo strongly indicates phishing.
Impersonation
The website attempts to mimic the official Ledger site.
Obfuscation
Obfuscation detected in javascript.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Ledger users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Banking
- 2 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Ledger
Official Website
https://www.ledger.com/
Fake Service
Ledger Live Web
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker likely aims to steal Ledger user credentials. The site may redirect to a login page or display a form mimicking the real Ledger interface. User enters credentials, which are harvested by the attacker.
Secondary Method: Malware distribution
The site could redirect to a malware download or execute malicious Javascript that attempts to install malware.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
hellp-ledgerrliv-app.webflow.io
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for hellp-ledgerrliv-app.webflow.io
Found 2 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.