Detection Information

https://ledger.recovery.5930217.com/
Detected Brand: Ledger
Country: Unknown
Confidence: 95%
HTTP Status: N/A
Report ID: d02e3739-52a…
Analyzed: 2026-01-07 00:54

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm: Hash Value
CONTENT TLSH: T1AD31666AD0F1491E53538651AEA27AA92F83D05BE50D5C00756D093D1FE7F83D4EF09C
CONTENT ssdeep: 48:ne8oCCLTVGwilCMtu0KuMaA5YcnRfxfBhynQq4j:n9ov/Uk+KaAJfBhynQqc

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm: Hash Value
VISUAL pHash: fc0ffc0703f003f8
VISUAL aHash: c0c000000000c0c0
VISUAL dHash: 2020400000c02020
VISUAL wHash: f0f0f0f0f0f0f0f0

Code Analysis

Risk Score: 70/100
Threat Level: HIGH
⚠️ Phishing Confirmed
🎣 Redirect

🔬 Threat Analysis Report

This is a highly probable phishing attempt impersonating Ledger. The suspicious domain name containing 'recovery' strongly suggests the site is attempting to steal cryptocurrency wallet recovery phrases or other sensitive information. Users should avoid entering any information on this website.

🔍 Suspicious Code Patterns

  • The links to 'Terms of Service' and 'Privacy Policy' are internal anchors ('#/files/index.html#'), suggesting they don't lead to actual documents and are likely placeholders to make the site look legitimate.
  • Domain name: ledger.recovery.5930217.com - Doesn't match the official Ledger domain.
  • The domain includes 'recovery,' often a lure in phishing attacks for seed phrases.
  • The presence of oddly named CSS files ('UMX9jlahOh2Y.css', '2.css') suggests an attempt to obscure the structure and purpose of the site.
  • The domain 'ledger.recovery.5930217.com' is highly suspicious as it does not belong to the official Ledger domain. The official domain is 'ledger.com'.
  • Poor quality of privacy policy and terms of service links
  • Generic 'Get started' button without clear action.
  • The page immediately redirects to 'select.html' upon clicking 'Get started'. This is suspicious behavior, potentially leading to credential harvesting on the next page.
  • The URL contains the word 'recovery' which is a common theme in phishing attempts related to crypto and seed phrases.