SafeMode - Analysis: llcweb3ledger.com

Captura Visual

Información de Detección

https://llcweb3ledger.com/

Detected Brand

Ledger

Country

International

Confianza

100%

HTTP Status

200

Report ID

9e5d522f-32f…

Analyzed

2026-02-05 15:42

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T10523D825B946D82B52EF89D9A473676470FA830AC51345C9FAB8C3F613EEC6CDA33111
CONTENT ssdeep	384:0cpblzfY0/Y0DsebKgdTdTdSROQp6SJ37RxJ2WYsJO5xVZjqTSeFgroUa87pf9:3lzIeb+f37h2vsIx/jmRUf7pF

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b44aa54a2dfa9395
VISUAL aHash	01e06fc60404ee07
VISUAL dHash	0f848c2e0cadae2e
VISUAL wHash	81e0efc7046cee0f
VISUAL colorHash	30000e00040
VISUAL cropResistant	80feb2baaeb88e86,0f848c2e0cadae2e

Análisis de Código

Risk Score 100/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔥 Firebase Backend

🔬 Threat Analysis Report

• Amenaza: Phishing por suplantación
• Objetivo: Usuarios de Ledger
• Método: Suplantación de dominio para robar credenciales o criptomonedas.
• Exfil: Potencialmente endpoints de Firebase.
• Indicadores: Coincidencia de dominio, similitud visual.
• Riesgo: Alto

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
document.write
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

/login

📡 API Calls Detected

GET
https://api.cloudinary.com/v1_1/dnu3gqnqh/auto/upload

📤 Form Action Targets

//translate.googleapis.com/translate_voting?client=te

☁️ Cloud Backend

Firebase: llc-web3-ledger.firebaseapp.com

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Spoofing

The domain name closely resembles a legitimate brand (Ledger) but is not the official domain.

Content Mimicry

The website's design and content closely resemble the legitimate Ledger website.

JavaScript Obfuscation

Detected obfuscation techniques (atob, eval, fromCharCode), suggesting malicious code.

Firebase Endpoints

The presence of Firebase endpoints raises concerns regarding potential data exfiltration or tracking.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

Ledger users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

Firebase Database + HTTP POST to backend

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Firebase Database + HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
160 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Ledger

Official Website

https://www.ledger.com/

Fake Service

Ledger Wallet Access / Asset Management

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attackers are likely attempting to trick users into entering their Ledger wallet credentials or seed phrases on a fake login page that mimics the official Ledger site.

Secondary Method: Malware Injection

The obfuscated JavaScript could contain malicious code designed to steal sensitive information such as private keys, inject keyloggers, or redirect users to other phishing sites.

Target Blockchain

Ethereum, Bitcoin, etc. (Ledger is multi-chain)