EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of login-ledgger-load-io-gateway.vercel.app

Información de Detección

https://login-ledgger-load-io-gateway.vercel.app/ledger%20form/index.html
Detected Brand
Ledger
Country
International
Confidence
100%
HTTP Status
200
Report ID
d328b929-c28…
Analyzed
2026-03-19 05:15

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T188313074926098264182538A3FF1674AB3828346EB161E4436FA87AD1EF9E5ACC1A4A5
CONTENT ssdeep
24:hRfCLBADenvFZoZJjiMfpRhfl7Xo3VfVXuOvWhwa:TgBIenvEZViMfdftCtXeh1

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
aad7f0a846e303f2
VISUAL aHash
b69e2c3c1101c301
VISUAL dHash
54346869235b9717
VISUAL wHash
befe3c3d1123c301
VISUAL colorHash
30000e00000
VISUAL cropResistant
fbb7ec9974ecd0a0,a2809acccc8c80aa,54346869235b9717

Análisis de Código

Risk Score 85/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Ledger
• Método: Suplantación de identidad a través de un sitio web parecido.
• Exfil: Probablemente roba credenciales y/o intenta instalar malware.
• Indicadores: Alojamiento gratuito, logotipo de la marca, JavaScript ofuscado, envío de formularios.
• Riesgo: Alto

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • GET
  • POST

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site uses a free hosting service commonly abused by phishers.
Brand Impersonation
The site displays the Ledger brand logo and attempts to replicate the look and feel of the official Ledger site.
Obfuscated Javascript
JavaScript obfuscation is a common tactic used to hide malicious code.
Form Submission
Presence of a form suggests intent to collect data.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Ledger users (International)
Método de Ataque
Brand impersonation + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 15 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Ledger
Official Website
https://www.ledger.com/
Fake Service
Ledger Live

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker aims to steal user credentials by creating a website that mimics the legitimate Ledger website. This allows them to collect login details for the actual Ledger service.

Secondary Method: Malware distribution

The site might attempt to redirect the user to a malicious download that installs malware to steal crypto.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Domain
login-ledgger-load-io-gateway.vercel.app
Registered
Unknown
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

Scan History for login-ledgger-load-io-gateway.vercel.app

Found 3 other scans for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.